Use more secure cookie settings.

This commit is contained in:
mikestefanello 2025-02-12 22:01:30 -05:00
parent 575c46db22
commit f8192d3ad6


@ -26,6 +26,12 @@ func BuildRouter(c *services.Container) error {
g.Use(echomw.HTTPSRedirect()) g.Use(echomw.HTTPSRedirect())
} }
// Create a cookie store for session data
cookieStore := sessions.NewCookieStore([]byte(c.Config.App.EncryptionKey))
cookieStore.Options.HttpOnly = true
cookieStore.Options.Secure = true
cookieStore.Options.SameSite = http.SameSiteStrictMode
g.Use( g.Use(
echomw.RemoveTrailingSlashWithConfig(echomw.TrailingSlashConfig{ echomw.RemoveTrailingSlashWithConfig(echomw.TrailingSlashConfig{
RedirectCode: http.StatusMovedPermanently, RedirectCode: http.StatusMovedPermanently,
@ -39,11 +45,14 @@ func BuildRouter(c *services.Container) error {
echomw.TimeoutWithConfig(echomw.TimeoutConfig{ echomw.TimeoutWithConfig(echomw.TimeoutConfig{
Timeout: c.Config.App.Timeout, Timeout: c.Config.App.Timeout,
}), }),
middleware.Session(sessions.NewCookieStore([]byte(c.Config.App.EncryptionKey))), middleware.Session(cookieStore),
middleware.LoadAuthenticatedUser(c.Auth), middleware.LoadAuthenticatedUser(c.Auth),
middleware.ServeCachedPage(c.TemplateRenderer), middleware.ServeCachedPage(c.TemplateRenderer),
echomw.CSRFWithConfig(echomw.CSRFConfig{ echomw.CSRFWithConfig(echomw.CSRFConfig{
TokenLookup: "form:csrf", TokenLookup: "form:csrf",
CookieHTTPOnly: true,
CookieSecure: true,
CookieSameSite: http.SameSiteStrictMode,
}), }),
) )
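Review bot: `cookieStore.Options.Secure = true` in the first hunk and `CookieSecure: true` in the CSRF config in the second hunk are unconditional, while the HTTPS redirect just above (`g.Use(echomw.HTTPSRedirect())`) is inside an `if` whose condition lies outside the hunk; on a deployment that serves plain HTTP on any host other than localhost, browsers will drop both the session and the CSRF cookie, every form post will fail CSRF validation, and nothing on the server side will say why. Both flags should come from the same configuration value that gates the HTTPS redirect, e.g. `secure := <config flag that enables the HTTPS redirect>` assigned once and used for `cookieStore.Options.Secure` and `CookieSecure`, so a non-TLS run degrades visibly rather than silently. Separately, if `sessions` is gorilla/sessions, `sessions.NewCookieStore([]byte(c.Config.App.EncryptionKey))` with a single key only HMAC-signs the cookie and does not encrypt it, so the name `EncryptionKey` overstates what the store does; a comment such as `// single key pair element: session cookie is signed, not encrypted` above that line, or passing a second key, would make the actual property explicit. `http.SameSiteStrictMode` on the session cookie also means a user arriving through an external link (e.g. from an email) is treated as unauthenticated on that first navigation; if that is not intended, `http.SameSiteLaxMode` for the session cookie with the CSRF cookie left Strict is the usual split. `BuildRouter` begins and ends outside these hunks.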