devstack/authorizer
4
0
Fork 0
Code Pull Requests Actions Activity

fix(server): set default app cookie to lax mode

Browse Source
This commit is contained in:
Lakhan Samani 2022-09-28 09:51:04 +05:30
parent 536fd87c3c
commit b1bc7b5370
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/cookie/cookie.go
View File

@ -29,10 +29,16 @@ func SetSession(gc *gin.Context, sessionID string) {
domain = "." + domain domain = "." + domain
} }
// Use sameSite = lax by default
// For more information check:
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
// https://github.com/gin-gonic/gin/blob/master/context.go#L86
// TODO add ability to sameSite = none / strict from dashboard
gc.SetSameSite(http.SameSiteLaxMode)
// TODO allow configuring from dashboard // TODO allow configuring from dashboard
year := 60 * 60 * 24 * 365 year := 60 * 60 * 24 * 365
gc.SetSameSite(http.SameSiteNoneMode)
gc.SetCookie(constants.AppCookieName+"_session", sessionID, year, "/", host, secure, httpOnly) gc.SetCookie(constants.AppCookieName+"_session", sessionID, year, "/", host, secure, httpOnly)
gc.SetCookie(constants.AppCookieName+"_session_domain", sessionID, year, "/", domain, secure, httpOnly) gc.SetCookie(constants.AppCookieName+"_session_domain", sessionID, year, "/", domain, secure, httpOnly)
} }