Updated changelog and documentation for secure flag option

Add secure flag test
Set Cookies to use the Secure Flag and default SameSite to None
2026-05-03 13:52:42 +00:00 · 2025-06-30 14:07:44 -04:00 · 2025-06-30 14:07:44 -04:00 · 2025-06-30 14:06:22 -04:00
10 changed files with 27 additions and 52 deletions
@@ -75,7 +75,6 @@ domainhere
 dracula
 dronebl
 droneblresponse
 dropin
 duckduckbot
 eerror
 ellenjoe
@@ -238,7 +237,6 @@ risc
 ruleset
 runlevels
 RUnlock
 runtimedir
 sas
 sasl
 Scumm
@@ -330,4 +328,5 @@ yoursite
 Zenos
 zizmor
 zombocom
 Zonbocom
 zos
@@ -32,7 +32,3 @@ const APIPrefix = "/.within.website/x/cmd/anubis/api/"
 // DefaultDifficulty is the default "difficulty" (number of leading zeroes)
 // that must be met by the client in order to pass the challenge.
 const DefaultDifficulty = 4
 // ForcedLanguage is the language being used instead of the one of the request's Accept-Language header
 // if being set.
 var ForcedLanguage = ""
@@ -50,7 +50,6 @@ var (
 	cookieExpiration         = flag.Duration("cookie-expiration-time", anubis.CookieDefaultExpirationTime, "The amount of time the authorization cookie is valid for")
 	cookiePrefix             = flag.String("cookie-prefix", "techaro.lol-anubis", "prefix for browser cookies created by Anubis")
 	cookiePartitioned        = flag.Bool("cookie-partitioned", false, "if true, sets the partitioned flag on Anubis cookies, enabling CHIPS support")
 	forcedLanguage           = flag.String("forced-language", "", "if set, this language is being used instead of the one from the request's Accept-Language header")
 	hs512Secret              = flag.String("hs512-secret", "", "secret used to sign JWTs, uses ed25519 if not set")
 	cookieSecure             = flag.Bool("cookie-secure", true, "if true, sets the secure flag on Anubis cookies")
 	ed25519PrivateKeyHex     = flag.String("ed25519-private-key-hex", "", "private key used to sign JWTs, if not set a random one will be assigned")
@@ -379,7 +378,6 @@ func main() {
 	anubis.CookieName = *cookiePrefix + "-auth"
 	anubis.TestCookieName = *cookiePrefix + "-cookie-verification"
 	anubis.ForcedLanguage = *forcedLanguage
 	// If OpenGraph configuration values are not set in the config file, use the
 	// values from flags / envvars.
@@ -10,34 +10,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## [Unreleased]
 <!-- This changes the project to: -->
 - Add `COOKIE_SECURE` option to set the cookie [Secure flag](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#block_access_to_your_cookies)
 - Sets cookie defaults to use [SameSite: None](https://web.dev/articles/samesite-cookies-explained)
 - Determine the `BIND_NETWORK`/`--bind-network` value from the bind address ([#677](https://github.com/TecharoHQ/anubis/issues/677)).
 - Implement localization system. Find locale files in lib/localization/locales/.
 - Implement a [development container](https://containers.dev/) manifest to make contributions easier.
 - Fix dynamic cookie domains functionality ([#731](https://github.com/TecharoHQ/anubis/pull/731))
 - Add option for custom cookie prefix ([#732](https://github.com/TecharoHQ/anubis/pull/732))
 - Remove the "Success" interstitial after a proof of work challenge is concluded.
 - Add option for forcing a specific language ([#742](https://github.com/TecharoHQ/anubis/pull/742))
 ### Potentially breaking changes
 The following potentially breaking change applies to native installs with systemd only:
 Each instance of systemd service template now has a unique `RuntimeDirectory`, as opposed to each instance of the service sharing a `RuntimeDirectory`. This change was made to avoid [the `RuntimeDirectory` getting nuked any time one of the Anubis instances restarts](https://github.com/TecharoHQ/anubis/issues/748).
 If you configured Anubis' unix sockets to listen on `/run/anubis/foo.sock` for instance `anubis@foo`, you will need to configure Anubis to listen on `/run/anubis/foo/sock` and additionally configure your HTTP load balancer as appropriate.
 If you need the legacy behaviour, install this [systemd unit dropin](https://www.flatcar.org/docs/latest/setup/systemd/drop-in-units/):
 ```systemd
 # /etc/systemd/system/anubis@.service.d/50-runtimedir.conf
 [Service]
 RuntimeDirectory=anubis
 ```
 ## v1.20.0: Thancred Waters
@@ -1,6 +1,6 @@
 // Code generated by templ - DO NOT EDIT.
-// templ: version: v0.3.906
+// templ: version: v0.3.898
 package metarefresh
 //lint:file-ignore SA4006 This context is only used if a nested component is present.
@@ -27,10 +27,10 @@
  "static_check_endpoint": "Este é apenas um ponto de verificação para seu proxy reverso usar.",
  "authorization_required": "Autorização necessária",
  "cookies_disabled": "Seu navegador está configurado para desabilitar cookies. O Anubis requer cookies para o interesse legítimo de garantir que você seja um cliente válido. Habilite os cookies para este domínio.",
-  "access_denied": "Acesso negado: código de erro",
+  "access_denied": "Acesso negado: código de errado",
  "dronebl_entry": "DroneBL relatou uma entrada",
  "see_dronebl_lookup": "consulte",
-  "internal_server_error": "Erro interno do servidor: o administrador configurou incorretamente o Anubis. Entre em contato com o administrador e peça para analisar os logs relacionados.",
+  "internal_server_error": "Erro interno do servidor: o administrador configurou incorretamente o Anubis. Entre em contato com o administrador e peça para ele procurar os logs em torno dele.",
  "invalid_redirect": "Redirecionamento inválido",
  "redirect_not_parseable": "URL de redirecionamento não analisável",
  "redirect_domain_not_allowed": "Domínio de redirecionamento não permitido",
@@ -3,7 +3,6 @@ package localization
 import (
 	"embed"
 	"encoding/json"
 	"github.com/TecharoHQ/anubis"
 	"net/http"
 	"strings"
 	"sync"
@@ -58,14 +57,14 @@ func NewLocalizationService() *LocalizationService {
 		globalService = &LocalizationService{bundle: bundle}
 	})
-
+	
 	// Safety check - if globalService is still nil, create a minimal one
 	if globalService == nil {
 		bundle := i18n.NewBundle(language.English)
 		bundle.RegisterUnmarshalFunc("json", json.Unmarshal)
 		globalService = &LocalizationService{bundle: bundle}
 	}
-
+	
 	return globalService
 }
@@ -94,13 +93,8 @@ func (sl *SimpleLocalizer) T(messageID string) string {
 	return sl.Localizer.MustLocalize(&i18n.LocalizeConfig{MessageID: messageID})
 }
-// GetLocalizer creates a localizer based on the request's Accept-Language header or forcedLanguage option
+// GetLocalizer creates a localizer based on the request's Accept-Language header
 func GetLocalizer(r *http.Request) *SimpleLocalizer {
-	var localizer *i18n.Localizer
+	localizer := NewLocalizationService().GetLocalizerFromRequest(r)
 	if anubis.ForcedLanguage == "" {
 		localizer = NewLocalizationService().GetLocalizerFromRequest(r)
 	} else {
 		localizer = NewLocalizationService().GetLocalizer(anubis.ForcedLanguage)
 	}
 	return &SimpleLocalizer{Localizer: localizer}
 }
@@ -12,7 +12,7 @@ CacheDirectory=anubis/%i
 CacheDirectoryMode=0755
 StateDirectory=anubis/%i
 StateDirectoryMode=0755
-RuntimeDirectory=anubis/%i
+RuntimeDirectory=anubis
 RuntimeDirectoryMode=0755
 ReadWritePaths=/run
@@ -1,6 +1,6 @@
 // Code generated by templ - DO NOT EDIT.
-// templ: version: v0.3.906
+// templ: version: v0.3.898
 package web
 //lint:file-ignore SA4006 This context is only used if a nested component is present.
@@ -212,6 +212,11 @@ const t = (key) => translations[`js_${key}`] || translations[key] || key;
    const t1 = Date.now();
    console.log({ hash, nonce });
    title.innerHTML = t('success');
    status.innerHTML = `${t('done_took')} ${t1 - t0}ms, ${nonce} ${t('iterations')}`;
    image.src = imageURL("happy", anubisVersion, basePrefix);
    progress.style.display = "none";
    if (userReadDetails) {
      const container = document.getElementById("progress");
@@ -246,15 +251,17 @@ const t = (key) => translations[`js_${key}`] || translations[key] || key;
      container.onclick = onDetailsExpand;
      setTimeout(onDetailsExpand, 30000);
    } else {
-      const redir = window.location.href;
+      setTimeout(() => {
-      window.location.replace(
+        const redir = window.location.href;
-        u(`${basePrefix}/.within.website/x/cmd/anubis/api/pass-challenge`, {
+        window.location.replace(
-          response: hash,
+          u(`${basePrefix}/.within.website/x/cmd/anubis/api/pass-challenge`, {
-          nonce,
+            response: hash,
-          redir,
+            nonce,
-          elapsedTime: t1 - t0,
+            redir,
-        }),
+            elapsedTime: t1 - t0,
-      );
+          }),
        );
      }, 250);
    }
  } catch (err) {
    ohNoes({
Author	SHA1	Message	Date
Victor Fernandes	cea98f7742	Updated changelog and documentation for secure flag option	2025-06-30 14:07:44 -04:00
Victor Fernandes	5c618b61ac	Add secure flag test	2025-06-30 14:07:44 -04:00
Victor Fernandes	7ebc322479	Set Cookies to use the Secure Flag and default SameSite to None	2025-06-30 14:06:22 -04:00