SuperSeriousBusiness/GoToSocial
1
1
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial synced 2025-06-05 21:59:39 +02:00
Code Issues Projects Releases Wiki Activity

[security] Set SameSite to strict instead of browser default (#606)

Browse Source
This commit is contained in:
tobi
2022-05-25 18:08:12 +02:00
committed by GitHub
parent a54efa09f9
commit f848aaa81f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/router/session.go
View File

@@ -42,7 +42,7 @@ func SessionOptions() sessions.Options {
MaxAge: 120, // 2 minutes
Secure: viper.GetString(config.Keys.Protocol) == "https", // only use cookie over https
HttpOnly: true, // exclude javascript from inspecting cookie
SameSite: http.SameSiteDefaultMode, // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
SameSite: http.SameSiteStrictMode, // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
}
}