mirre-mt/pcmt
1
0
Fork 0
Code Issues 6 Pull Requests Releases 4 Activity

go: use '__Host' prefix with the csrf cookie
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
surtur 2023-08-04 17:26:51 +02:00
parent fb74533a96
commit 172703aab5
Signed by: wanderer
SSH Key Fingerprint: SHA256:MdCZyJ2sHLltrLBp0xQO0O1qTW9BT/xl5nXkDvhlMCI
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/echoSettings.go
View File

@ -122,7 +122,10 @@ func (a *App) SetEchoSettings() {
csrfCookieName := "pcmt_csrf" csrfCookieName := "pcmt_csrf"
if a.setting.HTTPSecure() { if a.setting.HTTPSecure() {
csrfCookieName = "__Secure-" + csrfCookieName // https://www.sjoerdlangkemper.nl/2017/02/09/cookie-prefixes/
// https://scotthelme.co.uk/tough-cookies/
// https://check-your-website.server-daten.de/prefix-cookies.html
csrfCookieName = "__Host-" + csrfCookieName
} }
e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{ e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{