Set cookiepath to AppSubUrl
authorMartin van Beurden <chadoe@gmail.com>
Sun, 21 Sep 2014 12:07:00 +0000 (14:07 +0200)
committerMartin van Beurden <chadoe@gmail.com>
Sun, 21 Sep 2014 12:25:22 +0000 (14:25 +0200)
cmd/web.go
modules/middleware/auth.go
modules/middleware/repo.go
modules/setting/setting.go
routers/repo/issue.go
routers/user/auth.go

index 45f35a35afeb3163e3ee212116b6f6f975294bd6..83dfca4e6716ac7df1260433fa1f34fbf4a38027 100644 (file)
@@ -97,9 +97,10 @@ func newMacaron() *macaron.Macaron {
                Config:   *setting.SessionConfig,
        }))
        m.Use(csrf.Generate(csrf.Options{
-               Secret:    setting.SecretKey,
-               SetCookie: true,
-               Header:    "X-Csrf-Token",
+               Secret:     setting.SecretKey,
+               SetCookie:  true,
+               Header:     "X-Csrf-Token",
+               CookiePath: setting.AppSubUrl,
        }))
        m.Use(toolbox.Toolboxer(m, toolbox.Options{
                HealthCheckFuncs: []*toolbox.HealthCheckFuncDesc{
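Review bot: `CookiePath: setting.AppSubUrl` hands csrf.Generate an empty path whenever AppSubUrl is empty, which is presumably the case for a root install. Nothing visible here shows the middleware falling back to "/", and a Set-Cookie without a Path attribute is scoped by the browser to the directory of the requesting URL. The same question applies to `SessionConfig.CookiePath = AppSubUrl` in newSessionService. I would confirm that both libraries default an empty path to "/" and record it in a comment here, e.g. `// AppSubUrl is "" on a root install; csrf must default an empty CookiePath to "/"`. Note also that a cookie Path only narrows where the browser sends the cookie and does not isolate this application from others served on the same host. newMacaron continues outside the hunk.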
index 8fae5d1eced6b9bbcfed606587f4b0688d53ac4d..2bc05697a997ad77cf226a02a290d4f51f8794f3 100644 (file)
@@ -48,7 +48,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
                                if strings.HasSuffix(ctx.Req.RequestURI, "watch") {
                                        return
                                }
-                               ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI))
+                               ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
                                ctx.Redirect(setting.AppSubUrl + "/user/login")
                                return
                        } else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
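Review bot: The value stored by `ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)` prepends a literal `/` to an escaped string that already begins with `/` for an origin-form request. After the `url.QueryUnescape` on the sign-in side it therefore appears to read `//...`, which browsers interpret as scheme-relative rather than as a local path. Whether that reaches the Location header unchanged depends on how ctx.Redirect normalises it, which is not visible here. Storing `url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI)` without the extra prefix would keep the round trip a single-slash path. The identical line is in RequireTrueOwner and Issues, so a small shared helper would keep the three in step. Toggle's body continues outside the hunk.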
index 79b01133bdf0d81e055a003e0efc45a401e86813..f17018ddf366ce5912cd45cc2b126a88970a6e65 100644 (file)
@@ -298,7 +298,7 @@ func RequireTrueOwner() macaron.Handler {
        return func(ctx *Context) {
                if !ctx.Repo.IsTrueOwner && !ctx.Repo.IsAdmin {
                        if !ctx.IsSigned {
-                               ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI))
+                               ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
                                ctx.Redirect(setting.AppSubUrl + "/user/login")
                                return
                        }
index 321282df25e4d68bf6a81b949ea93e8b117b873d..a1ab43d0222cf2812cd0df98f988e25adf3cb9d9 100644 (file)
@@ -380,6 +380,7 @@ func newSessionService() {
        SessionConfig = new(session.Config)
        SessionConfig.ProviderConfig = strings.Trim(Cfg.MustValue("session", "PROVIDER_CONFIG"), "\" ")
        SessionConfig.CookieName = Cfg.MustValue("session", "COOKIE_NAME", "i_like_gogits")
+       SessionConfig.CookiePath = AppSubUrl
        SessionConfig.Secure = Cfg.MustBool("session", "COOKIE_SECURE")
        SessionConfig.EnableSetCookie = Cfg.MustBool("session", "ENABLE_SET_COOKIE", true)
        SessionConfig.Gclifetime = Cfg.MustInt64("session", "GC_INTERVAL_TIME", 86400)
index 3a028e58ff31ccc8d379965ec1c86251078dafe5..f854a22bbc64975c92735432ac43c89c73c7b26c 100644 (file)
@@ -54,7 +54,7 @@ func Issues(ctx *middleware.Context) {
        isShowClosed := ctx.Query("state") == "closed"
 
        if viewType != "all" && !ctx.IsSigned {
-               ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI))
+               ctx.SetCookie("redirect_to", "/"+url.QueryEscape(setting.AppSubUrl+ctx.Req.RequestURI), 0, setting.AppSubUrl)
                ctx.Redirect(setting.AppSubUrl + "/user/login")
                return
        }
index 71622e55439b64705d1d87148c7ac2f9c6c05467..c695f929a7fff20403ca9f99d1fab7087b987361 100644 (file)
@@ -52,8 +52,8 @@ func SignIn(ctx *middleware.Context) {
        defer func() {
                if !isSucceed {
                        log.Trace("auto-login cookie cleared: %s", uname)
-                       ctx.SetCookie(setting.CookieUserName, "", -1)
-                       ctx.SetCookie(setting.CookieRememberName, "", -1)
+                       ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)
+                       ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl)
                        return
                }
        }()
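Review bot: Expiring with `ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)` only removes a cookie stored under that exact path, so cookies issued before this change (no path argument, presumably stored at "/") stay in the browser on a sub-URL install. For the remember-me pair that means a failed auto-login here, or a sign-out, may leave the old credentials in place; the same applies to the two lines in SignOut and to the `redirect_to` deletions in SignIn and SignInPost. During the transition it would be safer to expire the previous path as well, e.g. `ctx.SetCookie(setting.CookieRememberName, "", -1, "/")` alongside each new call. SignIn's body continues outside the hunk.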
@@ -77,7 +77,7 @@ func SignIn(ctx *middleware.Context) {
        ctx.Session.Set("uid", u.Id)
        ctx.Session.Set("uname", u.Name)
        if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 {
-               ctx.SetCookie("redirect_to", "", -1)
+               ctx.SetCookie("redirect_to", "", -1, setting.AppSubUrl)
                ctx.Redirect(redirectTo)
                return
        }
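Review bot: `redirectTo` comes from a cookie the client controls and is passed to `ctx.Redirect(redirectTo)` after only a length check, so the post-login destination is not limited to this site; the same pattern is in SignInPost. Scoping the cookie to AppSubUrl does not change that. A guard such as `if len(redirectTo) > 0 && strings.HasPrefix(redirectTo, "/") && !strings.HasPrefix(redirectTo, "//")` would keep it to local paths; backslash variants like `/\` deserve the same rejection. The file's imports are not visible, so `strings` may need adding. The unescape error discarded with `_` should also fall through to the default redirect instead of being ignored. SignIn's body continues outside the hunk.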
@@ -113,9 +113,9 @@ func SignInPost(ctx *middleware.Context, form auth.SignInForm) {
 
        if form.Remember {
                days := 86400 * setting.LogInRememberDays
-               ctx.SetCookie(setting.CookieUserName, u.Name, days)
+               ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl)
                ctx.SetSuperSecureCookie(base.EncodeMd5(u.Rands+u.Passwd),
-                       setting.CookieRememberName, u.Name, days)
+                       setting.CookieRememberName, u.Name, days, setting.AppSubUrl)
        }
 
        // Bind with social account.
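Review bot: The remember-me cookies are written with only a max-age and a path, so nothing in these two calls marks them HttpOnly or ties their Secure flag to the `COOKIE_SECURE` setting that the session cookie honours. Both cookies last `days` and stand in for a login, so they warrant at least the session cookie's protection. Assuming the variadic tail follows macaron's maxAge, path, domain, secure, httpOnly order, passing `days, setting.AppSubUrl, "", setting.SessionConfig.Secure, true` to both calls would do it. Separately, the cookie key `base.EncodeMd5(u.Rands+u.Passwd)` is an unkeyed MD5 over stored user fields and is worth revisiting in a follow-up. SignInPost continues outside the hunk.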
@@ -135,7 +135,7 @@ func SignInPost(ctx *middleware.Context, form auth.SignInForm) {
        ctx.Session.Set("uid", u.Id)
        ctx.Session.Set("uname", u.Name)
        if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 {
-               ctx.SetCookie("redirect_to", "", -1)
+               ctx.SetCookie("redirect_to", "", -1, setting.AppSubUrl)
                ctx.Redirect(redirectTo)
                return
        }
@@ -149,8 +149,8 @@ func SignOut(ctx *middleware.Context) {
        ctx.Session.Delete("socialId")
        ctx.Session.Delete("socialName")
        ctx.Session.Delete("socialEmail")
-       ctx.SetCookie(setting.CookieUserName, "", -1)
-       ctx.SetCookie(setting.CookieRememberName, "", -1)
+       ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)
+       ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl)
        ctx.Redirect(setting.AppSubUrl + "/")
 }