Apply bits of the cookie settings PR one by one (#140)

Enables uses to change the cookie domain and partitioned flags. Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-27 15:24:03 -04:00 · 2025-03-27 15:24:03 -04:00 · 7d4be0dcec
commit 7d4be0dcec
parent d1d63d9c18
9 changed files with 168 additions and 56 deletions
--- a/docs/docs/CHANGELOG.md
+++ b/docs/docs/CHANGELOG.md
@ -19,6 +19,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fix default difficulty setting that was broken in a refactor
 - Linting fixes
 - Make dark mode diff lines readable in the documentation
+- Add the ability to set the cookie domain with the envvar `COOKIE_DOMAIN=techaro.lol` for all domains under `techaro.lol`
+- Add the ability to set the cookie partitioned flag with the envvar `COOKIE_PARTITIONED=true`
+- Fix CI based browser smoke test

 ## v1.14.2

--- a/docs/docs/admin/installation.mdx
+++ b/docs/docs/admin/installation.mdx
@ -45,6 +45,8 @@ Anubis uses these environment variables for configuration:
 | :------------------------ | :---------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `BIND`                    | `:8923`                 | The network address that Anubis listens on. For `unix`, set this to a path: `/run/anubis/instance.sock`                                                                                                                                                                                  |
 | `BIND_NETWORK`            | `tcp`                   | The address family that Anubis listens on. Accepts `tcp`, `unix` and anything Go's [`net.Listen`](https://pkg.go.dev/net#Listen) supports.                                                                                                                                               |
+| `COOKIE_DOMAIN`           | unset                   | The domain the Anubis challenge pass cookie should be set to. This should be set to the domain you bought from your registrar (EG: `techaro.lol` if your webapp is running on `anubis.techaro.lol`). See [here](https://stackoverflow.com/a/1063760) for more information.               |
+| `COOKIE_PARTITIONED`      | `false`                 | If set to `true`, enables the [partitioned (CHIPS) flag](https://developers.google.com/privacy-sandbox/cookies/chips), meaning that Anubis inside an iframe has a different set of cookies than the domain hosting the iframe.                                                           |
 | `DIFFICULTY`              | `5`                     | The difficulty of the challenge, or the number of leading zeroes that must be in successful responses.                                                                                                                                                                                   |
 | `ED25519_PRIVATE_KEY_HEX` |                         | The hex-encoded ed25519 private key used to sign Anubis responses. If this is not set, Anubis will generate one for you. This should be exactly 64 characters long. See below for details.                                                                                               |
 | `METRICS_BIND`            | `:9090`                 | The network address that Anubis serves Prometheus metrics on. See `BIND` for more information.                                                                                                                                                                                           |