fix: harden auth timing, cookie attrs, password gen bias, email template escaping; add security tests

2026-04-08 20:45:16 +02:00
parent fe31ef5a3c
commit ca402eb88e
7 changed files with 549 additions and 25 deletions


@@ -180,7 +180,7 @@ WARN: KEYWARDEN_TRUSTED_PROXIES not set proxy headers (X-Forwarded-For) are
- Cookie name: `keywarden_session`
- Cookie flags:
- `HttpOnly` — Not accessible via JavaScript
- `SameSite=Lax` — Prevents CSRF from external sites
- `SameSite=Strict` — Prevents CSRF from external sites
- `Secure` — Only over HTTPS (when enabled)
- `MaxAge=86400` — 24 hours
- Sessions stored in-memory (not persisted across restarts)
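Review bot: The switch from `SameSite=Lax` to `SameSite=Strict` reuses the same one-line description ("Prevents CSRF from external sites"), but Strict also withholds the cookie on top-level navigations that start on another site, so a user following an external link into the app arrives without a session; the docs line should state that trade-off, e.g. `- \`SameSite=Strict\` — Prevents CSRF from external sites; the cookie is not sent on cross-site navigations, so links from other sites land on the login page`. Separately, "`Secure` — Only over HTTPS (when enabled)" should name the setting that enables it so operators can verify it is on in production rather than guessing.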