Add secure/httpOnly attributes to the lang cookie (#9690) (#14279)
authorTimo Gurr <timo.gurr@gmail.com>
Thu, 7 Jan 2021 13:40:24 +0000 (14:40 +0100)
committerGitHub <noreply@github.com>
Thu, 7 Jan 2021 13:40:24 +0000 (14:40 +0100)
routers/routes/macaron.go

index 019b476e717696473b595d484e513e046523cc61..ca3599b7a0a52ee68d2b5489f01f05007361de58 100644 (file)
@@ -83,13 +83,15 @@ func NewMacaron() *macaron.Macaron {
        }
 
        m.Use(i18n.I18n(i18n.Options{
-               SubURL:       setting.AppSubURL,
-               Files:        localFiles,
-               Langs:        setting.Langs,
-               Names:        setting.Names,
-               DefaultLang:  "en-US",
-               Redirect:     false,
-               CookieDomain: setting.SessionConfig.Domain,
+               SubURL:         setting.AppSubURL,
+               Files:          localFiles,
+               Langs:          setting.Langs,
+               Names:          setting.Names,
+               DefaultLang:    "en-US",
+               Redirect:       false,
+               CookieHttpOnly: true,
+               Secure:         setting.SessionConfig.Secure,
+               CookieDomain:   setting.SessionConfig.Domain,
        }))
        m.Use(cache.Cacher(cache.Options{
                Adapter:       setting.CacheService.Adapter,
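Review bot: The new `Secure:` field takes its value from `setting.SessionConfig.Secure`, so the lang cookie only carries the Secure attribute when the session cookie setting is enabled. That setting's default is not visible in this hunk; if it is off on an HTTPS deployment, the cookie is still sent over plain HTTP. A one-line comment above the two new fields would make the coupling explicit, e.g. `// lang cookie reuses the session cookie's Secure and Domain settings`. `CookieHttpOnly: true` is hard-coded, which is fine provided no front-end script reads the lang cookie; that is worth confirming. NewMacaron's body starts and ends outside the hunk.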