Add sameSite attribute to cookies

2020-09-13 16:36:07 +02:00 · 2020-09-13 16:36:07 +02:00 · 1d8c4a375c
commit 1d8c4a375c
parent 4619e2356a
1 changed files with 12 additions and 10 deletions
--- a/auth.go
+++ b/auth.go
@ -20,12 +20,13 @@ func validateAuthToken(u *User, _ httprouter.Params, _ []byte) HTTPResponse {

 func logout(w http.ResponseWriter, ps httprouter.Params, body []byte) HTTPResponse {
 	http.SetCookie(w, &http.Cookie{
-		Name: "auth",
-		Value: "",
-		Path: baseURL + "/",
-		Expires: time.Unix(0,0),
-		Secure: true,
+		Name:     "auth",
+		Value:    "",
+		Path:     baseURL + "/",
+		Expires:  time.Unix(0, 0),
+		Secure:   true,
 		HttpOnly: true,
+		SameSite: http.SameSiteStrictMode,
 	})

 	return APIResponse{true}
@ -54,12 +55,13 @@ func completeAuth(w http.ResponseWriter, username string, email string, firstnam
 	}

 	http.SetCookie(w, &http.Cookie{
-		Name: "auth",
-		Value: base64.StdEncoding.EncodeToString(session.Id),
-		Path: baseURL + "/",
-		Expires: time.Now().Add(30 * 24 * time.Hour),
-		//Secure: true,
+		Name:     "auth",
+		Value:    base64.StdEncoding.EncodeToString(session.Id),
+		Path:     baseURL + "/",
+		Expires:  time.Now().Add(30 * 24 * time.Hour),
+		Secure:   true,
 		HttpOnly: true,
+		SameSite: http.SameSiteStrictMode,
 	})

 	return nil