SameSite + httpOnly CSRF cookie
This commit is contained in:
parent
5c3b6351d8
commit
25fbed4d44
|
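@@ -180,8 +180,10 @@ func userAuthHandler(repo *owl.Repository) func(http.ResponseWriter, *http.Request
 // https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie
 csrfToken := owl.GenerateRandomString(32)
 cookie := http.Cookie{
 Name: "csrf_token",
 Value: csrfToken,
+HttpOnly: true,
+SameSite: http.SameSiteStrictMode,
 }
 http.SetCookie(w, &cookie)
 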
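Review bot: Setting `HttpOnly: true,` on the double-submit cookie means browser script can no longer read `csrf_token`, so the pattern the OWASP link above describes only keeps working if the same token is also handed to the client another way (a hidden form field, a response header or the rendered page); that delivery is not visible in this hunk, so confirm the verifying side is not comparing against a header nothing can populate. The cookie also has no `Secure` flag and no `Path`, so it will be sent over plaintext HTTP and any sibling subdomain could plant its own value, which is the well-known weakness of an unsigned double-submit scheme. I would add `Secure: true,` beside the two new attributes, and consider a `__Host-` name prefix (which the browser only honours together with Secure and Path=/) or the signed variant OWASP now recommends. SameSite=Strict is itself a CSRF mitigation, so this is defence in depth, but it should not mask a broken token check. userAuthHandler's body continues outside the hunk.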