handlers: set cookie with SameSiteStrictMode

2023-04-19 03:34:23 +02:00 · 2023-04-19 03:34:23 +02:00 · 6ba09987a9
commit 6ba09987a9
parent 33c9b8a30e
1 changed files with 9 additions and 12 deletions
--- a/handlers/handlers.go
+++ b/handlers/handlers.go
@ -369,10 +369,9 @@ func SigninPost(client *ent.Client) echo.HandlerFunc {
 		secure := c.Request().URL.Scheme == "https"

 		cookieSession := &http.Cookie{
-			Name:  "session",
-			Value: username,
-			// SameSite: http.SameSiteStrictMode,
-			SameSite: http.SameSiteLaxMode,
+			Name:     "session",
+			Value:    username,
+			SameSite: http.SameSiteStrictMode,
 			MaxAge:   3600,
 			Secure:   secure,
 			HttpOnly: true,
@ -481,10 +480,9 @@ func SignupPost(client *ent.Client) echo.HandlerFunc {
 		// csrf := c.Get("csrf").(string)

 		cookieSession := &http.Cookie{
-			Name:  "session",
-			Value: username,
-			// SameSite: http.SameSiteStrictMode,
-			SameSite: http.SameSiteLaxMode,
+			Name:     "session",
+			Value:    username,
+			SameSite: http.SameSiteStrictMode,
 			MaxAge:   3600,
 			Secure:   secure,
 			HttpOnly: true,
@ -592,10 +590,9 @@ func Logout() echo.HandlerFunc {

 			secure := c.Request().URL.Scheme == "https"
 			cookieSession := &http.Cookie{
-				Name:  "session",
-				Value: "",
-				// SameSite: http.SameSiteStrictMode,
-				SameSite: http.SameSiteLaxMode,
+				Name:     "session",
+				Value:    "",
+				SameSite: http.SameSiteStrictMode,
 				MaxAge:   -1,
 				Secure:   secure,
 				HttpOnly: true,