feat(metarefresh): simplify random logic

Signed-off-by: Xe Iaso <me@xeiaso.net>
Merge branch 'main' into Xe/metarefresh-randomly-refresh-header
2026-04-10 18:48:44 +00:00 · 2025-09-16 21:07:29 +00:00 · 2025-09-16 16:50:19 -04:00 · 2025-09-16 20:34:10 +00:00 · 2025-09-16 20:32:25 +00:00 · 2025-09-16 20:23:46 +00:00
4 changed files with 2 additions and 4 deletions
--- a/.github/workflows/ssh-ci.yml
+++ b/.github/workflows/ssh-ci.yml
@@ -19,7 +19,7 @@ jobs:
          - riscv64
          - ppc64le
          - aarch64-4k
-          # - aarch64-16k
+          - aarch64-16k
    steps:
      - name: Checkout code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
--- a/anubis.go
+++ b/anubis.go
@@ -11,7 +11,7 @@ var Version = "devel"

 // CookieName is the name of the cookie that Anubis uses in order to validate
 // access.
-var CookieName = "techaro.lol-anubis"
+var CookieName = "techaro.lol-anubis-auth"

 // TestCookieName is the name of the cookie that Anubis uses in order to check
 // if cookies are enabled on the client's browser.
--- a/docs/docs/CHANGELOG.md
+++ b/docs/docs/CHANGELOG.md
@@ -21,7 +21,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add validation warning when persistent storage is used without setting signing keys.
 - Fixed `robots2policy` to properly group consecutive user agents into `any:` instead of only processing the last one ([#925](https://github.com/TecharoHQ/anubis/pull/925)).
 - Add the [`s3api` storage backend](./admin/policies.mdx#s3api) to allow Anubis to use S3 API compatible object storage as its storage backend.
- Fix a "stutter" in the cookie name prefix so the auth cookie is named `techaro.lol-anubis-auth` instead of `techaro.lol-anubis-auth-auth`.
 - Make `cmd/containerbuild` support commas for separating elements of the `--docker-tags` argument as well as newlines.
 - Add the `DIFFICULTY_IN_JWT` option, which allows one to add the `difficulty` field in the JWT claims which indicates the difficulty of the token ([#1063](https://github.com/TecharoHQ/anubis/pull/1063)).
 - Ported the client-side JS to TypeScript to avoid egregious errors in the future.
--- a/docs/docs/user/known-instances.md
+++ b/docs/docs/user/known-instances.md
@@ -59,7 +59,6 @@ This page contains a non-exhaustive list with all websites using Anubis.
 - https://wiki.freepascal.org/
 - https://azurlane.koumakan.jp/
 - https://lab.civicrm.org/
- https://git.door43.org/
 - <details>
  <summary>FreeCAD</summary>
  - https://forum.freecad.org/
Author	SHA1	Message	Date
Xe Iaso	0c852a5607	feat(metarefresh): simplify random logic Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-16 21:07:29 +00:00
Xe Iaso	183f463f1c	Merge branch 'main' into Xe/metarefresh-randomly-refresh-header Signed-off-by: Xe Iaso <xe.iaso@techaro.lol>	2025-09-16 16:50:19 -04:00
Xe Iaso	64a7195d19	docs: update CHANGELOG Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-16 20:34:10 +00:00
Xe Iaso	cd21a96088	feat(metarefresh): randomly use the Refresh header There are several ways to trigger an automatic refresh without JavaScript. One of them is the "meta refresh" method[1], but the other is with the Refresh header[2]. Both are semantically identical and supported with browsers as old as Chrome version 1. Given that they are basically the same thing, this patch makes Anubis randomly select between them by using the challenge random data's first character. This will fire about 50% of the time. I expect this to have no impact. If this works out fine, then I will implement some kind of fallback logic for the fast challenge such that admins can opt into allowing clients with a no-js configuration to pass the fast challenge. This needs to bake in the oven though. [1]: https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/meta/http-equiv [2]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Refresh Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-16 20:32:25 +00:00
Xe Iaso	7b11744582	feat(lib/challenge): expose ResponseWriter to challenge issuers Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-16 20:23:46 +00:00