handlers: set cookie with SameSiteStrictMode

leo 2023-04-19 03:34:23 +02:00
parent 33c9b8a30e
commit 6ba09987a9
Signed by: wanderer
SSH Key Fingerprint: SHA256:Dp8+iwKHSlrMEHzE3bJnPng70I7LEsa3IJXRH/U+idQ

@ -369,10 +369,9 @@ func SigninPost(client *ent.Client) echo.HandlerFunc {
secure := c.Request().URL.Scheme == "https" secure := c.Request().URL.Scheme == "https"
cookieSession := &http.Cookie{ cookieSession := &http.Cookie{
Name: "session", Name: "session",
Value: username, Value: username,
// SameSite: http.SameSiteStrictMode, SameSite: http.SameSiteStrictMode,
SameSite: http.SameSiteLaxMode,
MaxAge: 3600, MaxAge: 3600,
Secure: secure, Secure: secure,
HttpOnly: true, HttpOnly: true,
@ -481,10 +480,9 @@ func SignupPost(client *ent.Client) echo.HandlerFunc {
// csrf := c.Get("csrf").(string) // csrf := c.Get("csrf").(string)
cookieSession := &http.Cookie{ cookieSession := &http.Cookie{
Name: "session", Name: "session",
Value: username, Value: username,
// SameSite: http.SameSiteStrictMode, SameSite: http.SameSiteStrictMode,
SameSite: http.SameSiteLaxMode,
MaxAge: 3600, MaxAge: 3600,
Secure: secure, Secure: secure,
HttpOnly: true, HttpOnly: true,
@ -592,10 +590,9 @@ func Logout() echo.HandlerFunc {
secure := c.Request().URL.Scheme == "https" secure := c.Request().URL.Scheme == "https"
cookieSession := &http.Cookie{ cookieSession := &http.Cookie{
Name: "session", Name: "session",
Value: "", Value: "",
// SameSite: http.SameSiteStrictMode, SameSite: http.SameSiteStrictMode,
SameSite: http.SameSiteLaxMode,
MaxAge: -1, MaxAge: -1,
Secure: secure, Secure: secure,
HttpOnly: true, HttpOnly: true,
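Review bot: The `Secure` attribute on these session cookies is probably never set, because `secure` is derived from `c.Request().URL.Scheme == "https"` (first and third hunks) and net/http normally leaves `URL.Scheme` empty on server-side requests. Strict SameSite narrows cross-site sending, but the cookie can still travel over plain HTTP; deriving the flag from echo's own view, `secure := c.Scheme() == "https"` (or `c.IsTLS()` when TLS terminates in this process), would close that gap. Separately, `Value: username` in SigninPost and SignupPost stores a guessable identifier as the session value; if the code that reads the cookie (not visible here) trusts it as-is, an opaque random token bound to a server-side session would be the safer value. All three handler bodies begin and end outside the hunks shown.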