teach/atsebay.t
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Add sameSite attribute to cookies

Browse Source
This commit is contained in:
nemunaire 2020-09-13 16:36:07 +02:00
parent 4619e2356a
commit 1d8c4a375c
1 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
auth.go
View File

@ -20,12 +20,13 @@ func validateAuthToken(u *User, _ httprouter.Params, _ []byte) HTTPResponse {
func logout(w http.ResponseWriter, ps httprouter.Params, body []byte) HTTPResponse { func logout(w http.ResponseWriter, ps httprouter.Params, body []byte) HTTPResponse {
http.SetCookie(w, &http.Cookie{ http.SetCookie(w, &http.Cookie{
Name: "auth", Name: "auth",
Value: "", Value: "",
Path: baseURL + "/", Path: baseURL + "/",
Expires: time.Unix(0,0), Expires: time.Unix(0, 0),
Secure: true, Secure: true,
HttpOnly: true, HttpOnly: true,
SameSite: http.SameSiteStrictMode,
}) })
return APIResponse{true} return APIResponse{true}
@ -54,12 +55,13 @@ func completeAuth(w http.ResponseWriter, username string, email string, firstnam
} }
http.SetCookie(w, &http.Cookie{ http.SetCookie(w, &http.Cookie{
Name: "auth", Name: "auth",
Value: base64.StdEncoding.EncodeToString(session.Id), Value: base64.StdEncoding.EncodeToString(session.Id),
Path: baseURL + "/", Path: baseURL + "/",
Expires: time.Now().Add(30 * 24 * time.Hour), Expires: time.Now().Add(30 * 24 * time.Hour),
//Secure: true, Secure: true,
HttpOnly: true, HttpOnly: true,
SameSite: http.SameSiteStrictMode,
}) })
return nil return nil