From 172703aab5834968133ac5b16598a1568a3ac2b7 Mon Sep 17 00:00:00 2001
From: surtur
Date: Fri, 4 Aug 2023 17:26:51 +0200
Subject: [PATCH] go: use '__Host' prefix with the csrf cookie
---
 app/echoSettings.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/app/echoSettings.go b/app/echoSettings.go
index 7d01413..89122aa 100644
--- a/app/echoSettings.go
+++ b/app/echoSettings.go
@@ -122,7 +122,10 @@ func (a *App) SetEchoSettings() {
 csrfCookieName := "pcmt_csrf"
 if a.setting.HTTPSecure() {
- csrfCookieName = "__Secure-" + csrfCookieName
+ // https://www.sjoerdlangkemper.nl/2017/02/09/cookie-prefixes/
+ // https://scotthelme.co.uk/tough-cookies/
+ // https://check-your-website.server-daten.de/prefix-cookies.html
+ csrfCookieName = "__Host-" + csrfCookieName
 }
 e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
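Review bot: The `__Host-` prefix on the renamed cookie is only accepted by browsers when the cookie carries `Secure`, an explicit `Path=/` and no `Domain` attribute, and nothing in this hunk shows those being set; the `middleware.CSRFConfig{` literal opens on the last line and continues outside the hunk. If `CookiePath` is left empty or `CookieDomain` is set there, the browser would drop the cookie silently and state-changing requests would presumably fail the CSRF check, so the literal should pin `CookiePath: "/"` and `CookieSecure: true` and leave `CookieDomain` unset whenever `a.setting.HTTPSecure()` is true. The three link-only comments would also be more durable with the rule stated next to them, e.g. `// __Host- requires Secure, Path=/ and no Domain; keep the CSRFConfig cookie fields in sync`.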