feat: implement server-side cookie-based authentication
- Add HTTP-only cookie setting in /api/auth/login endpoint - Support both Bearer token and cookie auth in /api/auth/me - Clear cookie on /api/auth/logout - Handle admin:admin dev fallback with cookie support - Update login.html to use 1 second redirect (cookie-based auth faster) Cookie configuration: - Name: quant_auth_token - HttpOnly: true (prevents JavaScript access) - Secure: based on HTTPS status - SameSite: Lax (for localhost compatibility) - Expires: 7 days Status: Cookie auth framework complete, testing in progress Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
Binary file not shown.
|
After Width: | Height: | Size: 211 KiB |
Reference in New Issue
Block a user