Mirror bug fix

diff --git a/cmd/web.go b/cmd/web.go
index 45f35a35afeb3163e3ee212116b6f6f975294bd6..83dfca4e6716ac7df1260433fa1f34fbf4a38027 100644 (file)
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -97,9 +97,10 @@ func newMacaron() *macaron.Macaron {
                Config:   *setting.SessionConfig,
        }))
        m.Use(csrf.Generate(csrf.Options{
-               Secret:    setting.SecretKey,
-               SetCookie: true,
-               Header:    "X-Csrf-Token",
+               Secret:     setting.SecretKey,
+               SetCookie:  true,
+               Header:     "X-Csrf-Token",
+               CookiePath: setting.AppSubUrl,
        }))
        m.Use(toolbox.Toolboxer(m, toolbox.Options{
                HealthCheckFuncs: []*toolbox.HealthCheckFuncDesc{

diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 321282df25e4d68bf6a81b949ea93e8b117b873d..a1ab43d0222cf2812cd0df98f988e25adf3cb9d9 100644 (file)
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -380,6 +380,7 @@ func newSessionService() {
        SessionConfig = new(session.Config)
        SessionConfig.ProviderConfig = strings.Trim(Cfg.MustValue("session", "PROVIDER_CONFIG"), "\" ")
        SessionConfig.CookieName = Cfg.MustValue("session", "COOKIE_NAME", "i_like_gogits")
+       SessionConfig.CookiePath = AppSubUrl
        SessionConfig.Secure = Cfg.MustBool("session", "COOKIE_SECURE")
        SessionConfig.EnableSetCookie = Cfg.MustBool("session", "ENABLE_SET_COOKIE", true)
        SessionConfig.Gclifetime = Cfg.MustInt64("session", "GC_INTERVAL_TIME", 86400)