diff options
| author | zeripath <art27@cantab.net> | 2021-03-07 08:12:43 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-07 08:12:43 +0000 |
| commit | 9b261f52f074fcc11fd705dae63084364c4f7adf (patch) | |
| tree | 587521b6929105a76b288a962316504380c1c494 /modules/auth | |
| parent | beed5476e2831f7a0943d484873f4f49dfdd256f (diff) | |
| download | gitea-9b261f52f074fcc11fd705dae63084364c4f7adf.tar.gz gitea-9b261f52f074fcc11fd705dae63084364c4f7adf.zip | |
Add SameSite setting for cookies (#14900)
Add SameSite setting for cookies and rationalise the cookie setting code. Switches SameSite to Lax by default.
There is a possible future extension of differentiating which cookies could be set at Strict by default but that is for a future PR.
Fix #5583
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules/auth')
| -rw-r--r-- | modules/auth/sso/sso.go | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/modules/auth/sso/sso.go b/modules/auth/sso/sso.go index 437bf3af7a..e670f1a8a7 100644 --- a/modules/auth/sso/sso.go +++ b/modules/auth/sso/sso.go @@ -13,7 +13,6 @@ import ( "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/log" - "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/web/middleware" ) @@ -129,8 +128,8 @@ func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore } } - middleware.SetCookie(resp, "lang", user.Language, nil, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true) + middleware.SetLocaleCookie(resp, user.Language, 0) // Clear whatever CSRF has right now, force to generate a new one - middleware.SetCookie(resp, setting.CSRFCookieName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true) + middleware.DeleteCSRFCookie(resp) } |