[security] Set SameSite to strict
instead of browser default (#606)
This commit is contained in:
parent
a54efa09f9
commit
f848aaa81f
@ -42,7 +42,7 @@ func SessionOptions() sessions.Options {
MaxAge: 120, // 2 minutes
MaxAge: 120, // 2 minutes
Secure: viper.GetString(config.Keys.Protocol) == "https", // only use cookie over https
Secure: viper.GetString(config.Keys.Protocol) == "https", // only use cookie over https
HttpOnly: true, // exclude javascript from inspecting cookie
HttpOnly: true, // exclude javascript from inspecting cookie
SameSite: http.SameSiteDefaultMode, // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
SameSite: http.SameSiteStrictMode, // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
}
}
}
}
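Review bot: `http.SameSiteStrictMode` on the changed line withholds the session cookie on every cross-site top-level navigation, so any request in the authorize/sign-in sequence that the browser makes while arriving from a client application's origin is handled as if no session existed; the first hop to the authorize endpoint happens before the cookie is set, so the flow plausibly still works, but a later redirect back into this site from the client origin would not carry the session and would fail without an explicit error, which is worth confirming against the sign-in flow, since Lax is the usual choice when that hop matters. The comment beside the new value still cites the expired 2016 -00 draft, so readers looking up what Strict means land on stale text; `SameSite: http.SameSiteStrictMode, // Strict semantics: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis` would point them at the current specification. The body of `SessionOptions` starts before this hunk, so the `Secure` and `MaxAge` settings shown here are context only.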