fix(auth,frontend): secure cookie HTTP fix, technique links and CSP
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
- auth: decouples SECURE_COOKIES from AEGIS_ENV so that login works over HTTP (SECURE_COOKIES=false on a local server)
- TechniqueCell: button -> Link for a real href (right-click, a11y)
- TechniquesPage: adds Link in the MITRE ID cell in the list view
- nginx CSP: extends connect-src with ws:/wss: to avoid blocking

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -34,7 +34,16 @@ from app.schemas.user import PasswordChange
router = APIRouter(prefix="/auth", tags=["auth"])
_IS_HTTPS = os.environ.get("AEGIS_ENV", "").lower() == "production"
# SECURE_COOKIES desacopla la seguridad de la cookie del entorno de ejecucion.
# Por defecto activo en produccion; ponlo en "false" para servidores HTTP.
_aegis_env = os.environ.get("AEGIS_ENV", "development").lower()
_secure_cookie_env = os.environ.get("SECURE_COOKIES", "auto").lower()
if _secure_cookie_env == "false":
_IS_HTTPS = False
elif _secure_cookie_env == "true":
_IS_HTTPS = True
else: # "auto" — activo solo si AEGIS_ENV=production
_IS_HTTPS = _aegis_env == "production"
_COOKIE_NAME = "aegis_token"
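Review bot: the `if _secure_cookie_env == "false":` branch wins even when `_aegis_env` is "production", and nothing in this hunk logs or rejects that combination, so a SECURE_COOKIES=false left over from a local HTTP setup would issue the `aegis_token` cookie without the Secure attribute in production with no signal to the operator. Consider logging a startup warning, or refusing to start, when the override is "false" and `_aegis_env == "production"`. Related: any value other than "true" or "false" (for example "1", "no", or a typo) falls through to the `else` branch and is silently treated as "auto"; validating the value and failing on unknown input would make a misconfiguration visible. Since `_IS_HTTPS` now expresses "set the Secure attribute" rather than "the deployment is HTTPS", a name that says so would match the new comment above it.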