Set SameSite and Secure on cookies
parent
643047402d
commit
5a8d1572b1
1 changed files with 4 additions and 1 deletions
|
@ -265,7 +265,8 @@ func (ctx *Context) SetSession(s *Session) {
|
|||
cookie := http.Cookie{
|
||||
Name: cookieName,
|
||||
HttpOnly: true,
|
||||
// TODO: domain, secure
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
Secure: ctx.IsTLS(),
|
||||
}
|
||||
if s != nil {
|
||||
cookie.Value = s.token
|
||||
|
@ -285,6 +286,8 @@ func (ctx *Context) SetLoginToken(username, password string) {
|
|||
Expires: time.Now().Add(30 * 24 * time.Hour),
|
||||
Name: loginTokenCookieName,
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
Secure: ctx.IsTLS(),
|
||||
Path: "/login",
|
||||
}
|
||||
if username == "" {
|
||||
|
|
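Review bot: `Secure: ctx.IsTLS()` in both SetSession and SetLoginToken makes the flag depend on how the current request is classified, and IsTLS is not visible in this diff. If it only inspects the connection's own TLS state, a deployment behind a TLS-terminating reverse proxy would presumably issue the session cookie and the 30-day login-token cookie without Secure, so any later plain-HTTP request to the host would carry them in cleartext. Consider an operator setting that forces the flag regardless of the request, e.g. `Secure: ctx.IsTLS() || forceSecureCookies` (placeholder name). A short comment on the field, such as `// Secure follows the request scheme; see IsTLS for proxy handling`, would also help. Both function bodies start and end outside the hunks shown, so how the cookies are finally written could not be checked here.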