aboutsummaryrefslogtreecommitdiffstats
path: root/routers/install.go
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2021-03-07 08:12:43 +0000
committerGitHub <noreply@github.com>2021-03-07 08:12:43 +0000
commit9b261f52f074fcc11fd705dae63084364c4f7adf (patch)
tree587521b6929105a76b288a962316504380c1c494 /routers/install.go
parentbeed5476e2831f7a0943d484873f4f49dfdd256f (diff)
downloadgitea-9b261f52f074fcc11fd705dae63084364c4f7adf.tar.gz
gitea-9b261f52f074fcc11fd705dae63084364c4f7adf.zip
Add SameSite setting for cookies (#14900)
Add SameSite setting for cookies and rationalise the cookie setting code. Switches SameSite to Lax by default. There is a possible future extension of differentiating which cookies could be set at Strict by default but that is for a future PR. Fix #5583 Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'routers/install.go')
-rw-r--r--routers/install.go5
1 files changed, 3 insertions, 2 deletions
diff --git a/routers/install.go b/routers/install.go
index cfe5582f2b..7f01738efe 100644
--- a/routers/install.go
+++ b/routers/install.go
@@ -424,9 +424,10 @@ func InstallPost(ctx *context.Context) {
}
days := 86400 * setting.LogInRememberDays
- ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)
+ ctx.SetCookie(setting.CookieUserName, u.Name, days)
+
ctx.SetSuperSecureCookie(base.EncodeMD5(u.Rands+u.Passwd),
- setting.CookieRememberName, u.Name, days, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)
+ setting.CookieRememberName, u.Name, days)
// Auto-login for admin
if err = ctx.Session.Set("uid", u.ID); err != nil {
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-09 17:39:53 +0000