Compare commits

4 Commits

Author SHA1 Message Date
Xe Iaso
77b0a714be fix: mend auth cookie name stutter
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-09-19 16:49:38 +00:00
Xe Iaso
9439466ff2 ci(ssh): disable aarch64-16k until my SFP connecter comes in on friday
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-09-17 16:00:10 +00:00
Richard Mahn
4787aeca51 Add Door43 link to known instances documentation (#1136)
Signed-off-by: Richard Mahn <richmahn@users.noreply.github.com>
2025-09-17 13:11:11 +00:00
Xe Iaso
fb3637df95 feat(metarefresh): randomly use the Refresh header (#1133)
* feat(lib/challenge): expose ResponseWriter to challenge issuers

Signed-off-by: Xe Iaso <me@xeiaso.net>

* feat(metarefresh): randomly use the Refresh header

There are several ways to trigger an automatic refresh without
JavaScript. One of them is the "meta refresh" method[1], but the other
is with the Refresh header[2]. Both are semantically identical and
supported with browsers as old as Chrome version 1.

Given that they are basically the same thing, this patch makes Anubis
randomly select between them by using the challenge random data's first
character. This will fire about 50% of the time.

I expect this to have no impact. If this works out fine, then I will
implement some kind of fallback logic for the fast challenge such that
admins can opt into allowing clients with a no-js configuration to pass
the fast challenge. This needs to bake in the oven though.

[1]: https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/meta/http-equiv
[2]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Refresh

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs: update CHANGELOG

Signed-off-by: Xe Iaso <me@xeiaso.net>

* feat(metarefresh): simplify random logic

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Xe Iaso <xe.iaso@techaro.lol>
2025-09-16 17:32:13 -04:00
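
The selection described in the fb3637df95 commit message, written out as an added example that is not Anubis's own code: both variants carry the same `delay; url=target` value, once as the `Refresh` response header and once as a `<meta http-equiv="refresh">` element. The function names, the hex encoding of the random data, the `< '8'` threshold, the delay and the target URL are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"html"
	"net/http"
	"net/http/httptest"
)

// issueRefresh sends a no-JavaScript redirect to next after delay seconds.
// Assumption: randomData is hex, and a first character below '8' selects the
// Refresh header (8 of 16 hex digits, so about half of all challenges).
func issueRefresh(w http.ResponseWriter, randomData, next string, delay int) (usedHeader bool) {
	target := fmt.Sprintf("%d; url=%s", delay, next)
	usedHeader = randomData != "" && randomData[0] < '8'
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	if usedHeader {
		// Variant 1: HTTP response header, no refresh markup in the body.
		w.Header().Set("Refresh", target)
		fmt.Fprint(w, "<!doctype html><title>Checking</title><p>Please wait.</p>")
		return
	}
	// Variant 2: equivalent <meta http-equiv> element; the attribute value
	// is HTML-escaped because the target URL may contain '&' or quotes.
	fmt.Fprintf(w, `<!doctype html><meta http-equiv="refresh" content="%s"><p>Please wait.</p>`,
		html.EscapeString(target))
	return
}

// render runs issueRefresh against a recorder and returns what a client sees.
func render(randomData string) (header, body string, usedHeader bool) {
	rec := httptest.NewRecorder()
	usedHeader = issueRefresh(rec, randomData, "/pass?id=abc&n=1", 2)
	return rec.Header().Get("Refresh"), rec.Body.String(), usedHeader
}

func main() {
	for _, rd := range []string{"3fa9c1", "c07e55"} { // constructed sample values
		h, b, used := render(rd)
		fmt.Printf("random=%s header=%v Refresh=%q\n%s\n\n", rd, used, h, b)
	}
}
```
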
4 changed files with 4 additions and 2 deletions

@@ -19,7 +19,7 @@ jobs:
- riscv64
- ppc64le
- aarch64-4k
- aarch64-16k
# - aarch64-16k
steps:
- name: Checkout code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
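Review bot: the commented-out `# - aarch64-16k` matrix entry carries no note on why it is disabled or when it should come back; that context exists only in the commit message. Suggest a short comment beside it (a TODO naming the hardware blocker, or a tracking issue reference) so the aarch64-16k target is not silently left out of the SSH CI matrix for longer than intended.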

@@ -11,7 +11,7 @@ var Version = "devel"
// CookieName is the name of the cookie that Anubis uses in order to validate
// access.
var CookieName = "techaro.lol-anubis-auth"
var CookieName = "techaro.lol-anubis"
// TestCookieName is the name of the cookie that Anubis uses in order to check
// if cookies are enabled on the client's browser.
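Review bot: the doc comment above `CookieName` still describes it as the name of the cookie, but with the value `techaro.lol-anubis` and the CHANGELOG entry stating that the auth cookie is named `techaro.lol-anubis-auth`, this variable now holds a prefix. Suggest rewording the comment to say so (or renaming the variable), and adding a test that asserts the final cookie name so the doubled suffix cannot come back unnoticed.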

@@ -21,6 +21,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Add validation warning when persistent storage is used without setting signing keys.
- Fixed `robots2policy` to properly group consecutive user agents into `any:` instead of only processing the last one ([#925](https://github.com/TecharoHQ/anubis/pull/925)).
- Add the [`s3api` storage backend](./admin/policies.mdx#s3api) to allow Anubis to use S3 API compatible object storage as its storage backend.
- Fix a "stutter" in the cookie name prefix so the auth cookie is named `techaro.lol-anubis-auth` instead of `techaro.lol-anubis-auth-auth`.
- Make `cmd/containerbuild` support commas for separating elements of the `--docker-tags` argument as well as newlines.
- Add the `DIFFICULTY_IN_JWT` option, which allows one to add the `difficulty` field in the JWT claims which indicates the difficulty of the token ([#1063](https://github.com/TecharoHQ/anubis/pull/1063)).
- Ported the client-side JS to TypeScript to avoid egregious errors in the future.
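Review bot: the new CHANGELOG entry on the cookie name does not say what happens to cookies already issued as `techaro.lol-anubis-auth-auth`. Suggest stating whether those are still accepted or whether clients are challenged again after the upgrade, because administrators who reference the cookie name in proxy or cache rules will need to update them; a link to the PR or commit, as some neighbouring entries have, would also help.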

@@ -59,6 +59,7 @@ This page contains a non-exhaustive list with all websites using Anubis.
- https://wiki.freepascal.org/
- https://azurlane.koumakan.jp/
- https://lab.civicrm.org/
- https://git.door43.org/
- <details>
<summary>FreeCAD</summary>
- https://forum.freecad.org/