Fix cookies for auth and captcha

Jan-Lukas Else 2021-02-20 22:45:38 +01:00
parent be929058cf
commit bb73d4831c
3 changed files with 8 additions and 4 deletions


@ -121,8 +121,8 @@ func createTokenCookie(username string) (*http.Cookie, error) {
Name: "token", Name: "token",
Value: tokenString, Value: tokenString,
Expires: expiration, Expires: expiration,
Secure: true, Secure: httpsConfigured(),
HttpOnly: true, HttpOnly: true,
SameSite: http.SameSiteStrictMode, SameSite: http.SameSiteLaxMode,
}, nil }, nil
} }
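Review bot: Relaxing `SameSite` from Strict to Lax on the `token` cookie means the auth token now accompanies top-level cross-site GET navigations, so any GET route that changes state for a logged-in user needs its own CSRF protection; nothing visible in this hunk provides that. The same relaxation is applied to the `captcha` cookie in createCaptchaCookie. If Lax is needed so the cookie survives arriving from an external link (an assumption, the commit message does not say why), record the reason next to the field, e.g. `SameSite: http.SameSiteLaxMode, // Lax: must be sent on top-level navigation from other sites; state-changing routes must not be GET`. `Secure: httpsConfigured()` also means a deployment whose config does not signal HTTPS issues the token without the Secure flag, which deserves a comment on the field as well. The body of createTokenCookie starts outside the hunk.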


@ -105,8 +105,8 @@ func createCaptchaCookie() (*http.Cookie, error) {
Name: "captcha", Name: "captcha",
Value: tokenString, Value: tokenString,
Expires: expiration, Expires: expiration,
Secure: true, Secure: httpsConfigured(),
HttpOnly: true, HttpOnly: true,
SameSite: http.SameSiteStrictMode, SameSite: http.SameSiteLaxMode,
}, nil }, nil
} }


@ -260,3 +260,7 @@ func initConfig() error {
} }
return nil return nil
} }
func httpsConfigured() bool {
return appConfig.Server.PublicHTTPS || appConfig.Server.SecurityHeaders || strings.HasPrefix(appConfig.Server.PublicAddress, "https")
}
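Review bot: The prefix test in httpsConfigured, `strings.HasPrefix(appConfig.Server.PublicAddress, "https")`, accepts any address that merely begins with those five letters and misses an upper-case scheme; matching the full scheme is tighter, e.g. `strings.HasPrefix(strings.ToLower(appConfig.Server.PublicAddress), "https://")`. Treating `SecurityHeaders` as evidence of HTTPS is not explained anywhere in the visible code, and the setting's meaning cannot be confirmed from this hunk. Because the result now decides whether the auth and captcha cookies carry `Secure`, the function should get a doc comment saying why each of the three settings implies TLS, e.g. `// httpsConfigured reports whether the public endpoint is served over HTTPS; the result sets the Secure flag on cookies.` Both error directions matter: a false negative lets the token cookie travel over plain HTTP, and a false positive makes browsers refuse the cookie on an HTTP-only deployment.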