[GH-ISSUE #539] [FEATURE] Consider using a more secure session cookie. #348

Closed
opened 2026-02-25 20:35:30 +03:00 by kerem · 1 comment
Owner

Originally created by @nakoo on GitHub (Nov 19, 2021).
Original GitHub issue: https://github.com/benbusby/whoogle-search/issues/539

Describe the feature you'd like to see added
Whoogle should only use the session cookie when HTTPS is enforced, so that we can improve security by adding the `__Host` (or `__Secure`) prefix and the `Secure` flag. The current Set-Cookie header is not a secure option.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

Screenshots from Mozilla Observatory:

mo1: https://user-images.githubusercontent.com/4975021/142615672-7f0d29ae-f294-4794-9564-76321226be9d.png

mo2: https://user-images.githubusercontent.com/4975021/142615692-36d81785-7c33-4910-b47c-6f140a3caadc.png

Additional context
Since Whoogle now uses a much better implementation for the disabled-cookie situation (#480), we can now enforce HTTPS for the session cookie. I think it's a good time to do so.

kerem 2026-02-25 20:35:30 +03:00
Author
Owner

@benbusby commented on GitHub (Nov 20, 2021):

Added -- these values are only set when the `HTTPS_ONLY` var is set though. Otherwise instances running in local networks w/o SSL wouldn't be able to use sessions anymore.

Thanks for the suggestion!

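The thread asks for the `Secure` flag and a `__Host`/`__Secure` prefix on the session cookie, gated on an HTTPS-only setting so that plain-HTTP LAN instances keep working. The following is an added example, not Whoogle's own code: it builds a Flask-style `SESSION_COOKIE_*` configuration that is hardened only when HTTPS is enforced, renders the resulting Set-Cookie header with the standard library, and checks the header against the cookie-prefix rules (a `__Host-` cookie must carry `Secure`, have `Path=/` and no `Domain`; a `__Secure-` cookie must carry `Secure`). The cookie name `__Host-session`, the `HTTPS_ONLY` environment-variable reading, and all helper function names are assumptions for illustration; the page does not state what name or exact attributes the project chose.

```python
"""Added example (not Whoogle's code): HTTPS-gated session cookie hardening
plus a checker for the __Host- / __Secure- prefix rules.

Assumptions: an HTTPS_ONLY toggle, a session cookie named "session" that
becomes "__Host-session" when HTTPS is enforced, and the Flask config-key
names SESSION_COOKIE_*; none of these are taken from the page.
"""
import os
from http.cookies import SimpleCookie


def session_cookie_config(https_only: bool) -> dict:
    """Flask-style SESSION_COOKIE_* settings, hardened only under HTTPS.

    Without HTTPS the browser would refuse a Secure / __Host- cookie, so a
    plain-HTTP LAN instance would lose sessions entirely; that is why the
    hardened values are applied only when https_only is set.
    """
    cfg = {
        "SESSION_COOKIE_NAME": "session",
        "SESSION_COOKIE_HTTPONLY": True,
        "SESSION_COOKIE_SAMESITE": "Lax",
        "SESSION_COOKIE_SECURE": False,
    }
    if https_only:
        cfg["SESSION_COOKIE_NAME"] = "__Host-session"  # assumed name
        cfg["SESSION_COOKIE_SECURE"] = True
    return cfg


def build_set_cookie(name: str, value: str, *, secure: bool, httponly: bool,
                     samesite: str, path: str = "/", domain: str = "") -> str:
    """Render one Set-Cookie header value with the stdlib cookie serializer."""
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["path"] = path
    if domain:
        morsel["domain"] = domain
    morsel["secure"] = secure      # flag attributes are emitted only when True
    morsel["httponly"] = httponly
    morsel["samesite"] = samesite
    return morsel.OutputString()


def session_set_cookie(value: str, https_only: bool) -> str:
    """Set-Cookie header for the session cookie under the chosen config."""
    cfg = session_cookie_config(https_only)
    return build_set_cookie(cfg["SESSION_COOKIE_NAME"], value,
                            secure=cfg["SESSION_COOKIE_SECURE"],
                            httponly=cfg["SESSION_COOKIE_HTTPONLY"],
                            samesite=cfg["SESSION_COOKIE_SAMESITE"])


def parse_set_cookie(header: str) -> tuple:
    """Split a Set-Cookie header into (cookie name, {attribute_lower: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def check_cookie_prefix(header: str) -> list:
    """Return prefix-rule violations for a Set-Cookie header (empty == OK).

    Rules per RFC 6265bis: __Secure- and __Host- require the Secure
    attribute; __Host- additionally requires Path=/ and no Domain.
    """
    name, attrs = parse_set_cookie(header)
    problems = []
    if name.startswith(("__Host-", "__Secure-")) and "secure" not in attrs:
        problems.append(f"{name}: Secure attribute required")
    if name.startswith("__Host-"):
        if attrs.get("path") != "/":
            problems.append(f"{name}: Path must be exactly '/'")
        if "domain" in attrs:
            problems.append(f"{name}: Domain attribute must be absent")
    return problems


if __name__ == "__main__":
    # HTTPS_ONLY env var is an assumption for this example, not a documented setting.
    https_only = os.environ.get("HTTPS_ONLY", "0") == "1"
    header = session_set_cookie("abc123", https_only)
    print("Set-Cookie:", header)
    print("prefix-rule violations:", check_cookie_prefix(header) or "none")
```

Run with `HTTPS_ONLY=1` to get a `__Host-session` cookie that passes the checker, and without it to get the plain `session` cookie that an HTTP-only instance can still store. `check_cookie_prefix` is the piece worth keeping around: point it at the Set-Cookie header of a live instance (curl -I) and it will flag the case the Observatory screenshots complain about, a prefixed name without the attributes the prefix promises.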