Deuxfleurs/alps
23
1
Fork 0
Code Issues Pull requests 1 Projects Releases Wiki Activity

Set SameSite and Secure on cookies

Browse source
This commit is contained in:
Drew DeVault 2020-11-05 10:35:27 -05:00
parent 643047402d
commit 5a8d1572b1
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
server.go
View file

@ -265,7 +265,8 @@ func (ctx *Context) SetSession(s *Session) {
cookie := http.Cookie{ cookie := http.Cookie{
Name: cookieName, Name: cookieName,
HttpOnly: true, HttpOnly: true,
// TODO: domain, secure SameSite: http.SameSiteStrictMode,
Secure: ctx.IsTLS(),
} }
if s != nil { if s != nil {
cookie.Value = s.token cookie.Value = s.token
@ -285,6 +286,8 @@ func (ctx *Context) SetLoginToken(username, password string) {
Expires: time.Now().Add(30 * 24 * time.Hour), Expires: time.Now().Add(30 * 24 * time.Hour),
Name: loginTokenCookieName, Name: loginTokenCookieName,
HttpOnly: true, HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Secure: ctx.IsTLS(),
Path: "/login", Path: "/login",
} }
if username == "" { if username == "" {