From 5a8d1572b1297c3a72fd33ee42d15e6368a52936 Mon Sep 17 00:00:00 2001
From: Drew DeVault
Date: Thu, 5 Nov 2020 10:35:27 -0500
Subject: Set SameSite and Secure on cookies

---
 server.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/server.go b/server.go
index 7a82d35..759a9bb 100644
--- a/server.go
+++ b/server.go
@@ -265,7 +265,8 @@ func (ctx *Context) SetSession(s *Session) {
 cookie := http.Cookie{
 Name: cookieName,
 HttpOnly: true,
- // TODO: domain, secure
+ SameSite: http.SameSiteStrictMode,
+ Secure: ctx.IsTLS(),
 }
 if s != nil {
 cookie.Value = s.token
@@ -285,6 +286,8 @@ func (ctx *Context) SetLoginToken(username, password string) {
 Expires: time.Now().Add(30 * 24 * time.Hour),
 Name: loginTokenCookieName,
 HttpOnly: true,
+ SameSite: http.SameSiteStrictMode,
+ Secure: ctx.IsTLS(),
 Path: "/login",
 }
 if username == "" {
-- 
cgit v1.2.3
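Review bot: `Secure: ctx.IsTLS()` in the SetSession hunk ties the Secure attribute to whether this process itself observed TLS, so when TLS is terminated by a proxy in front of the server the session cookie is presumably issued without Secure and a browser will then also send it on plain-http requests; IsTLS is not in this hunk, so whether it honours a forwarded-scheme header cannot be confirmed here. The same applies to the `Secure: ctx.IsTLS()` line in the SetLoginToken hunk. Consider recording the assumption next to both fields, e.g. `// Secure follows the inbound scheme; behind a TLS-terminating proxy IsTLS must account for the forwarded scheme or this cookie is sent in clear text.`, or adding a deployment-level setting that forces Secure on. The removed TODO also mentioned Domain; leaving Domain unset yields a host-only cookie, which is the tighter default, so a short comment stating that this is intentional would keep the TODO from being reintroduced. Both SetSession and SetLoginToken continue outside their hunks.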