Diffstat (limited to 'routers/routes/routes.go')
-rw-r--r-- | routers/routes/routes.go | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/routers/routes/routes.go b/routers/routes/routes.go
index e2448a7446..e5476fd227 100644
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -116,12 +116,13 @@ func NewMacaron() *macaron.Macaron {
 }))
 m.Use(session.Sessioner(setting.SessionConfig))
 m.Use(csrf.Csrfer(csrf.Options{
- Secret: setting.SecretKey,
- Cookie: setting.CSRFCookieName,
- SetCookie: true,
- Secure: setting.SessionConfig.Secure,
- Header: "X-Csrf-Token",
- CookiePath: setting.AppSubURL,
+ Secret: setting.SecretKey,
+ Cookie: setting.CSRFCookieName,
+ SetCookie: true,
+ Secure: setting.SessionConfig.Secure,
+ CookieHttpOnly: true,
+ Header: "X-Csrf-Token",
+ CookiePath: setting.AppSubURL,
 }))
 m.Use(toolbox.Toolboxer(m, toolbox.Options{
 HealthCheckFuncs: []*toolbox.HealthCheckFuncDesc{ |
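Review bot: `CookieHttpOnly: true` in the `csrf.Options` literal is hard-coded and uncommented, yet it changes which clients can obtain the token: page scripts can no longer read the CSRF cookie. The same literal still accepts the token through `Header: "X-Csrf-Token"`, so any client code that fills that header from `document.cookie` would stop sending a valid token; the hunk does not show where the frontend gets its token, so that path should be confirmed before merging. A comment above the new field would record the intent, for example `// HttpOnly: scripts must take the CSRF token from the rendered page, not from the cookie.` `NewMacaron` begins and continues outside this hunk, so the rest of the middleware chain was not reviewed.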