camzalewski/personal-site
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Fix Safari cookies and CSRF.

Browse source
This commit is contained in:
mikestefanello 2025-06-02 08:42:14 -04:00
parent 885a6ad7bf
commit 2a546dfe3d
1 changed files with 0 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
pkg/handlers/router.go
View file

@ -30,7 +30,6 @@ func BuildRouter(c *services.Container) error {
// Create a cookie store for session data. // Create a cookie store for session data.
cookieStore := sessions.NewCookieStore([]byte(c.Config.App.EncryptionKey)) cookieStore := sessions.NewCookieStore([]byte(c.Config.App.EncryptionKey))
cookieStore.Options.HttpOnly = true cookieStore.Options.HttpOnly = true
cookieStore.Options.Secure = true
cookieStore.Options.SameSite = http.SameSiteStrictMode cookieStore.Options.SameSite = http.SameSiteStrictMode
g.Use( g.Use(
@ -52,7 +51,6 @@ func BuildRouter(c *services.Container) error {
echomw.CSRFWithConfig(echomw.CSRFConfig{ echomw.CSRFWithConfig(echomw.CSRFConfig{
TokenLookup: "form:csrf", TokenLookup: "form:csrf",
CookieHTTPOnly: true, CookieHTTPOnly: true,
CookieSecure: true,
CookieSameSite: http.SameSiteStrictMode, CookieSameSite: http.SameSiteStrictMode,
ContextKey: context.CSRFKey, ContextKey: context.CSRFKey,
}), }),