mirror of
https://git.freecumextremist.com/grumbulon/pomme.git
synced 2024-11-22 10:03:45 +00:00
Merge pull request 'fix(backend): make cookie more strict' (#37) from cookie-security into master
Reviewed-on: https://git.freecumextremist.com/grumbulon/pomme/pulls/37
This commit is contained in:
commit
db98d20205
2 changed files with 14 additions and 14 deletions
|
@ -98,11 +98,11 @@ func Login(w http.ResponseWriter, r *http.Request) {
|
|||
HttpOnly: true,
|
||||
Expires: time.Now().Add(1 * time.Hour),
|
||||
MaxAge: 3600,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
// Uncomment below for HTTPS:
|
||||
// Secure: true,
|
||||
Name: "jwt", // Must be named "jwt" or else the token cannot be searched for by jwtauth.Verifier.
|
||||
Value: token,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
// Comment below to disable HTTPS:
|
||||
Secure: true,
|
||||
Name: "jwt", // Must be named "jwt" or else the token cannot be searched for by jwtauth.Verifier.
|
||||
Value: token,
|
||||
})
|
||||
|
||||
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
||||
|
@ -120,10 +120,10 @@ func Logout(w http.ResponseWriter, r *http.Request) {
|
|||
http.SetCookie(w, &http.Cookie{
|
||||
HttpOnly: true,
|
||||
MaxAge: -1, // Delete the cookie.
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
// Secure: true,
|
||||
Name: "jwt",
|
||||
Value: "",
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
Secure: true,
|
||||
Name: "jwt",
|
||||
Value: "",
|
||||
})
|
||||
|
||||
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
||||
|
|
|
@ -71,11 +71,11 @@ func NewUser(w http.ResponseWriter, r *http.Request) {
|
|||
HttpOnly: true,
|
||||
Expires: time.Now().Add(1 * time.Hour),
|
||||
MaxAge: 3600,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
// Uncomment below for HTTPS:
|
||||
// Secure: true,
|
||||
Name: "jwt", // Must be named "jwt" or else the token cannot be searched for by jwtauth.Verifier.
|
||||
Value: token,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
// Comment below to disable HTTPS:
|
||||
Secure: true,
|
||||
Name: "jwt", // Must be named "jwt" or else the token cannot be searched for by jwtauth.Verifier.
|
||||
Value: token,
|
||||
})
|
||||
|
||||
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
||||
|
|
Loading…
Reference in a new issue