Merge pull request 'fix(backend): make cookie more strict' (#37) from cookie-security into master

Reviewed-on: https://git.freecumextremist.com/grumbulon/pomme/pulls/37
This commit is contained in:
Sam Therapy 2023-02-28 15:48:25 +00:00
commit db98d20205
2 changed files with 14 additions and 14 deletions

View file

@ -98,11 +98,11 @@ func Login(w http.ResponseWriter, r *http.Request) {
HttpOnly: true,
Expires: time.Now().Add(1 * time.Hour),
MaxAge: 3600,
SameSite: http.SameSiteLaxMode,
// Uncomment below for HTTPS:
// Secure: true,
Name: "jwt", // Must be named "jwt" or else the token cannot be searched for by jwtauth.Verifier.
Value: token,
SameSite: http.SameSiteStrictMode,
// Comment below to disable HTTPS:
Secure: true,
Name: "jwt", // Must be named "jwt" or else the token cannot be searched for by jwtauth.Verifier.
Value: token,
})
w.Header().Set("Content-Type", "application/json; charset=utf-8")
@ -120,10 +120,10 @@ func Logout(w http.ResponseWriter, r *http.Request) {
http.SetCookie(w, &http.Cookie{
HttpOnly: true,
MaxAge: -1, // Delete the cookie.
SameSite: http.SameSiteLaxMode,
// Secure: true,
Name: "jwt",
Value: "",
SameSite: http.SameSiteStrictMode,
Secure: true,
Name: "jwt",
Value: "",
})
w.Header().Set("Content-Type", "application/json; charset=utf-8")

View file

@ -71,11 +71,11 @@ func NewUser(w http.ResponseWriter, r *http.Request) {
HttpOnly: true,
Expires: time.Now().Add(1 * time.Hour),
MaxAge: 3600,
SameSite: http.SameSiteLaxMode,
// Uncomment below for HTTPS:
// Secure: true,
Name: "jwt", // Must be named "jwt" or else the token cannot be searched for by jwtauth.Verifier.
Value: token,
SameSite: http.SameSiteStrictMode,
// Comment below to disable HTTPS:
Secure: true,
Name: "jwt", // Must be named "jwt" or else the token cannot be searched for by jwtauth.Verifier.
Value: token,
})
w.Header().Set("Content-Type", "application/json; charset=utf-8")