From 0049bdd2ab6b6b743e9a0cf89f6cbabc8b08e2d4 Mon Sep 17 00:00:00 2001
From: Mike Crute
Date: Wed, 17 Nov 2021 15:48:12 -0800
Subject: Cookies should be SameSite=Lax

Strict means that cookies won't be sent in sub-requests as is the case when using a JSON formatter browser extension.
---
 app/middleware/auth.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/middleware/auth.go b/app/middleware/auth.go
index b8bf7f9..a88313c 100644
--- a/app/middleware/auth.go
+++ b/app/middleware/auth.go
@@ -74,7 +74,7 @@ func (m *AuthenticationMiddleware) redirectToGitHubAuth(c echo.Context) error {
 Path: "/",
 Secure: true,
 HttpOnly: true,
-SameSite: http.SameSiteStrictMode,
+SameSite: http.SameSiteLaxMode,
 })
 
 return c.Redirect(http.StatusFound, redir)
@@ -217,7 +217,7 @@ func (m *AuthenticationMiddleware) HandleCompleteLogin(c echo.Context) error {
 Path: "/",
 MaxAge: int(m.CookieDuration.Seconds()),
 Secure: true,
-SameSite: http.SameSiteStrictMode,
+SameSite: http.SameSiteLaxMode,
 })
 
 return c.Redirect(http.StatusFound, "/")
-- 
cgit v1.2.3
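Review bot: The relaxation from SameSiteStrictMode to SameSiteLaxMode on the cookie set in redirectToGitHubAuth (and the identical change in HandleCompleteLogin in the second hunk) carries no comment in the code explaining what is being given up, which is the kind of decision a later maintainer will otherwise "tighten" back. Lax still sends the cookie on top-level cross-site GET navigations, so any handler that changes state on a GET request no longer gets the cross-site protection Strict provided; that is acceptable only if state changes are confined to POST/PUT/DELETE, which this diff cannot show. Suggest a comment above the field in both places along the lines of `// Lax rather than Strict: the cookie must survive top-level cross-site navigations (e.g. returning from GitHub); state-changing handlers must therefore not accept GET.` Both enclosing functions begin before the hunk and continue past it.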
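Review bot: The cookie written in HandleCompleteLogin shows Path, MaxAge, Secure and SameSite in the visible lines but no HttpOnly field, whereas the cookie in redirectToGitHubAuth explicitly sets `HttpOnly: true,`. If HttpOnly is not set above the hunk's first visible line (the struct literal starts before line 217, outside the hunk), this long-lived login cookie is readable by page scripts, and with SameSite now relaxed to Lax the defence-in-depth the Strict setting offered is also gone. If it is indeed missing, add `HttpOnly: true,` next to `Secure: true,` so both cookies are configured consistently.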