SameSite + httpOnly CSRF cookie

Niko Abeler 2022-11-07 21:24:39 +01:00
parent 5c3b6351d8
commit 25fbed4d44
1 changed files with 4 additions and 2 deletions


@ -182,6 +182,8 @@ func userAuthHandler(repo *owl.Repository) func(http.ResponseWriter, *http.Reque
cookie := http.Cookie{
Name: "csrf_token",
Value: csrfToken,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
}
http.SetCookie(w, &cookie)
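Review bot: The `csrf_token` cookie literal still sets no `Secure` attribute, so the browser will also send the token over plain HTTP if the site is ever reachable that way; if the deployment is HTTPS-only (not visible on this page), add `Secure: true,` next to `HttpOnly: true,`. The literal also sets no `Path`, so the cookie's scope falls back to the browser's default for the request URL; an explicit `Path` would make the intended scope clear wherever the token is read back. With `HttpOnly: true` page scripts can no longer read the token, so the form has to receive it from the server-side render, which is outside this hunk. The body of userAuthHandler starts and ends outside the hunk, and the diffstat counts more changed lines than are shown here, so this applies only to the cookie literal that is visible.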