author | Mike Crute <mike@crute.us> | 2021-11-17 15:48:12 -0800 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2021-11-17 15:48:12 -0800 |
commit | 0049bdd2ab6b6b743e9a0cf89f6cbabc8b08e2d4 (patch) | |
tree | 0ca6d471479049d52bf48210f65e6028487e80a6 | |
parent | 375654659ce828de4c24035c023c9ab551a37410 (diff) | |
Cookies should be SameSite=Lax
Strict means that cookies won't be sent on sub-requests, as is the case
when using a JSON formatter browser extension.
-rw-r--r-- | app/middleware/auth.go | 4 |
1 files changed, 2 insertions, 2 deletions
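--- a/app/middleware/auth.go
+++ b/app/middleware/auth.go
@@ -74,7 +74,7 @@ func (m *AuthenticationMiddleware) redirectToGitHubAuth(c echo.Context) error {
 Path: "/",
 Secure: true,
 HttpOnly: true,
-SameSite: http.SameSiteStrictMode,
+SameSite: http.SameSiteLaxMode,
 })
 
 return c.Redirect(http.StatusFound, redir)
@@ -217,7 +217,7 @@ func (m *AuthenticationMiddleware) HandleCompleteLogin(c echo.Context) error {
 Path: "/",
 MaxAge: int(m.CookieDuration.Seconds()),
 Secure: true,
-SameSite: http.SameSiteStrictMode,
+SameSite: http.SameSiteLaxMode,
 })
 
 return c.Redirect(http.StatusFound, "/")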
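Review bot: The cookie written in the HandleCompleteLogin hunk (lines 217–220) shows Path, MaxAge, Secure and SameSite but no HttpOnly, unlike the redirectToGitHubAuth cookie in the first hunk; if it is not set among the fields before line 217 (the literal opens outside the hunk), add `HttpOnly: true,` so the session token is not readable from page scripts. Relaxing both cookies to Lax also means they now accompany top-level cross-site GET navigations, so any handler that changes state on a GET should be checked for CSRF exposure, and the value set in redirectToGitHubAuth should still be compared against the state returned to HandleCompleteLogin. The rationale from the commit message belongs next to the field in both hunks so the next reader does not "fix" it back to Strict, e.g. `SameSite: http.SameSiteLaxMode, // Lax, not Strict: Strict is not sent on sub-requests (e.g. JSON formatter extensions)`. Both enclosing functions start outside their hunks.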