Fix cookies for auth and captcha

2021-02-20 22:45:38 +01:00 · 2021-02-20 22:45:38 +01:00 · bb73d4831c
parent be929058cf
commit bb73d4831c
3 changed files with 8 additions and 4 deletions
--- a/authentication.go
+++ b/authentication.go
@ -121,8 +121,8 @@ func createTokenCookie(username string) (*http.Cookie, error) {
 		Name:     "token",
 		Value:    tokenString,
 		Expires:  expiration,
-		Secure:   true,
+		Secure:   httpsConfigured(),
 		HttpOnly: true,
-		SameSite: http.SameSiteStrictMode,
+		SameSite: http.SameSiteLaxMode,
 	}, nil
 }
--- a/captcha.go
+++ b/captcha.go
@ -105,8 +105,8 @@ func createCaptchaCookie() (*http.Cookie, error) {
 		Name:     "captcha",
 		Value:    tokenString,
 		Expires:  expiration,
-		Secure:   true,
+		Secure:   httpsConfigured(),
 		HttpOnly: true,
-		SameSite: http.SameSiteStrictMode,
+		SameSite: http.SameSiteLaxMode,
 	}, nil
 }
--- a/config.go
+++ b/config.go
@ -260,3 +260,7 @@ func initConfig() error {
 	}
 	return nil
 }
+
+func httpsConfigured() bool {
+	return appConfig.Server.PublicHTTPS || appConfig.Server.SecurityHeaders || strings.HasPrefix(appConfig.Server.PublicAddress, "https")
+}