SameSite + httpOnly CSRF cookie

micropub
Niko Abeler 3 months ago
parent 5c3b6351d8
commit 25fbed4d44
  1. 6
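--- a/cmd/owl/web/handler.go
+++ b/cmd/owl/web/handler.go
@@ -180,8 +180,10 @@ func userAuthHandler(repo *owl.Repository) func(http.ResponseWriter, *http.Reque
 // https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie
 csrfToken := owl.GenerateRandomString(32)
 cookie := http.Cookie{
-Name: "csrf_token",
-Value: csrfToken,
+Name: "csrf_token",
+Value: csrfToken,
+HttpOnly: true,
+SameSite: http.SameSiteStrictMode,
 }
 http.SetCookie(w, &cookie)
 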
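Review bot: The cookie built at `cookie := http.Cookie{` still lacks the `Secure` attribute, so the CSRF token is also sent over plain HTTP; the OWASP double-submit guidance linked in the comment recommends `Secure` (and a `__Host-` name prefix on HTTPS-only sites), so `Secure: true,` belongs next to the new `HttpOnly`/`SameSite` fields, gated on a TLS setting if the server must also serve plain HTTP. `Path` is unset as well, so browsers scope the cookie to the directory of the request URL; if the form posts to a different path the token cookie is never sent and validation fails, so consider `Path: "/"` or the exact endpoint path. Because the cookie is now HttpOnly, the token has to reach the form from the server-rendered template rather than from client script — the hunk does not show that side, so it is worth checking. It is also worth confirming that `owl.GenerateRandomString` draws from `crypto/rand`; a `math/rand`-based token would make the double-submit check predictable. userAuthHandler starts and ends outside the hunk.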