author Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com> 2018-05-22 02:09:48 +0300
committer Lauris BH <lauris@nix.lv> 2018-05-22 02:09:48 +0300
commit ee878e3951d059363a1538a94d14576af8e7f83c
tree d9c84611272ea3651b40609cc0c51541e4e652b9 /routers
parent 31067c0a890cdbf81ea1c696601995f1806ce3a8
Support secure cookie for csrf-token (#3839)
* dep: Update github.com/go-macaron/csrf

Update github.com/go-macaron/csrf with dep to revision 503617c6b372
to fix issue of csrf-token security.

This update includes following commits:
- Add support for the Cookie HttpOnly flag
- Support secure mode for csrf cookie

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>

* routers: set csrf-token security depending on COOKIE_SECURE

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>
Diffstat (limited to 'routers')
-rw-r--r-- routers/routes/routes.go 1
1 files changed, 1 insertions, 0 deletions
diff --git a/routers/routes/routes.go b/routers/routes/routes.go
index 1585a0876d..cb9fbb16aa 100644
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -119,6 +119,7 @@ func NewMacaron() *macaron.Macaron {
Secret: setting.SecretKey,
Cookie: setting.CSRFCookieName,
SetCookie: true,
+ Secure: setting.SessionConfig.Secure,
Header: "X-Csrf-Token",
CookiePath: setting.AppSubURL,
}))
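Review bot: The added `Secure:` line reuses `setting.SessionConfig.Secure`, so the CSRF cookie's Secure flag is tied to the session cookie setting with nothing in the code saying so. A short comment on that line noting that it follows COOKIE_SECURE (as the commit message states) would keep the coupling visible to anyone who later changes the session options. The commit message also says the updated csrf dependency adds support for the HttpOnly flag, but this options block leaves it unset. If that is deliberate, for example because the token in this cookie has to stay readable so it can be sent back in the `X-Csrf-Token` header, say so in the commit message or a comment. Otherwise set it here alongside `Secure`.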