Add secure/httpOnly attributes to the lang cookie (#9690) (#14279)

author: Timo Gurr <timo.gurr@gmail.com> 2021-01-07 14:40:24 +0100
committer: GitHub <noreply@github.com> 2021-01-07 14:40:24 +0100
commit: c1e30c9a8449058d926c4d4a500ce457ef683909 (patch)
tree: f0d026bf884366f0618e9086f15708796fccb63b
parent: 3c96a3716288b0ae1ae65df44cc92218b489b77f (diff)
download: gitea-c1e30c9a8449058d926c4d4a500ce457ef683909.tar.gz
gitea-c1e30c9a8449058d926c4d4a500ce457ef683909.zip
1 files changed, 9 insertions, 7 deletions
diff --git a/routers/routes/macaron.go b/routers/routes/macaron.go
index 019b476e71..ca3599b7a0 100644
--- a/routers/routes/macaron.go
+++ b/routers/routes/macaron.go
@@ -83,13 +83,15 @@ func NewMacaron() *macaron.Macaron {
 	}
 
 	m.Use(i18n.I18n(i18n.Options{
-		SubURL:       setting.AppSubURL,
-		Files:        localFiles,
-		Langs:        setting.Langs,
-		Names:        setting.Names,
-		DefaultLang:  "en-US",
-		Redirect:     false,
-		CookieDomain: setting.SessionConfig.Domain,
+		SubURL:         setting.AppSubURL,
+		Files:          localFiles,
+		Langs:          setting.Langs,
+		Names:          setting.Names,
+		DefaultLang:    "en-US",
+		Redirect:       false,
+		CookieHttpOnly: true,
+		Secure:         setting.SessionConfig.Secure,
+		CookieDomain:   setting.SessionConfig.Domain,
 	}))
 	m.Use(cache.Cacher(cache.Options{
 		Adapter:       setting.CacheService.Adapter,
author	Timo Gurr <timo.gurr@gmail.com>	2021-01-07 14:40:24 +0100
committer	GitHub <noreply@github.com>	2021-01-07 14:40:24 +0100
commit	c1e30c9a8449058d926c4d4a500ce457ef683909 (patch)
tree	f0d026bf884366f0618e9086f15708796fccb63b
parent	3c96a3716288b0ae1ae65df44cc92218b489b77f (diff)
download	gitea-c1e30c9a8449058d926c4d4a500ce457ef683909.tar.gz gitea-c1e30c9a8449058d926c4d4a500ce457ef683909.zip