From 71790089fd1b0ff1f401bd0a2d867a40f783eb15 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Fri, 16 Sep 2022 12:36:45 +0200 Subject: [PATCH] change insecure option defaulting to false --- .../unreleased/fix-insecure-option-with-default-true.md | 6 ++++++ services/proxy/pkg/config/defaults/defaultconfig.go | 5 ++--- 2 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 changelog/unreleased/fix-insecure-option-with-default-true.md diff --git a/changelog/unreleased/fix-insecure-option-with-default-true.md b/changelog/unreleased/fix-insecure-option-with-default-true.md new file mode 100644 index 0000000000..c62f6156aa --- /dev/null +++ b/changelog/unreleased/fix-insecure-option-with-default-true.md @@ -0,0 +1,6 @@ +Bugfix: Change the default value for PROXY_OIDC_INSECURE to false + +We've changed the default value for PROXY_OIDC_INSECURE to `false`. +Previously the default values was `true` which is not acceptable since default values need to be secure. + +https://github.com/owncloud/ocis/pull/4601 diff --git a/services/proxy/pkg/config/defaults/defaultconfig.go b/services/proxy/pkg/config/defaults/defaultconfig.go index 05740a72ef..931a5c3a76 100644 --- a/services/proxy/pkg/config/defaults/defaultconfig.go +++ b/services/proxy/pkg/config/defaults/defaultconfig.go @@ -33,9 +33,8 @@ func DefaultConfig() *config.Config { Name: "proxy", }, OIDC: config.OIDC{ - Issuer: "https://localhost:9200", - Insecure: true, - //Insecure: true, + Issuer: "https://localhost:9200", + AccessTokenVerifyMethod: config.AccessTokenVerificationJWT, UserinfoCache: config.UserinfoCache{ Size: 1024,