mirrors
/
gotosocial
mirror of
1
Fork 0
Code Issues Releases Activity

[bugfix] Only mark cookies as Secure on https (#398) 

Fixes cookies not being stored/sent by Safari when serving over plain http
This commit is contained in:
Shadowfacts 2022-02-15 10:00:07 -05:00 committed by GitHub
parent dc2421752f
commit 09d6478d72
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
internal/router/session.go
View File

@ -39,7 +39,7 @@ func SessionOptions() sessions.Options {
Path: "/",
Domain: viper.GetString(config.Keys.Host),
MaxAge: 120, // 2 minutes
Secure: true, // only use cookie over https
Secure: viper.GetString(config.Keys.Protocol) == "https", // only use cookie over https
HttpOnly: true, // exclude javascript from inspecting cookie
SameSite: http.SameSiteDefaultMode, // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
}