mirror of https://github.com/tailscale/tailscale/
client/web: don't require secure cookies for csrf
Under normal circumstances, you would typically want to keep the default behavior of requiring secure cookies. In the case of the Tailscale web client, we are regularly serving on localhost (where secure cookies don't really matter), and/or we are behind a reverse proxy running on a network appliance like a NAS or Home Assistant. In those cases, those devices are regularly accessed over local IP addresses without https configured, so would not work with secure cookies. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>pull/9053/head
parent
f61dd12f05
commit
9ea3942b1a
Loading…
Reference in New Issue