Cleanup

README.md

@@ -30,7 +30,7 @@ AmbientCapabilities=CAP_NET_BIND_SERVICE
 Type=simple
 User=user
 WorkingDirectory=/home/user/
-ExecStart=/home/user/hub -listen <addr>:https -secure=true -root-dir=/home/user
+ExecStart=/home/user/hub -listen <addr>:https -root-dir=/home/user
 Restart=always
 RestartSec=8
 TimeoutStopSec=24

hub/app.go

@@ -19,14 +19,14 @@ var templateFS embed.FS
 type Config struct {
 	RootDir    string
 	ListenAddr string
-	Secure     bool
+	Insecure   bool
 }
 
 type App struct {
 	api      *api.API
 	mux      *http.ServeMux
 	tmpl     map[string]*template.Template
-	secure bool
+	insecure bool
 }
 
 func NewApp(conf Config) (*App, error) {
@@ -39,7 +39,7 @@ func NewApp(conf Config) (*App, error) {
 		api:      api,
 		mux:      http.NewServeMux(),
 		tmpl:     webutil.ParseTemplateSet(templateFuncs, templateFS),
-		secure: conf.Secure,
+		insecure: conf.Insecure,
 	}
 
 	app.registerRoutes()

hub/cookie.go

@@ -17,8 +17,9 @@ func (a *App) setCookie(w http.ResponseWriter, name, value string) {
 		Name:     name,
 		Value:    value,
 		Path:     "/",
-		Secure:   a.secure,
+		Secure:   !a.insecure,
 		SameSite: http.SameSiteStrictMode,
+		HttpOnly: true,
 		MaxAge:   86400 * 365 * 10,
 	})
 }

hub/main.go

@@ -15,7 +15,7 @@ func Main() {
 	conf := Config{}
 	flag.StringVar(&conf.RootDir, "root-dir", "", "[REQUIRED] Root directory.")
 	flag.StringVar(&conf.ListenAddr, "listen", "", "[REQUIRED] Listen address.")
-	flag.BoolVar(&conf.Secure, "secure", false, "Use secure cookies.")
+	flag.BoolVar(&conf.Insecure, "insecure", false, "Don't use secure cookies.")
 
 	flag.Parse()