rnsrk/wisski-cloud-distillery
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use secure cookies iff https is enabled

Browse source
This commit is contained in:
Tom Wiesing 2023-11-21 13:34:21 +01:00
parent 50dc4f3a2e
commit 0ba34fe80f
No known key found for this signature in database
1 changed files with 1 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
internal/dis/component/server/server.go
View file

@ -124,9 +124,7 @@ func (server *Server) Server(ctx context.Context, progress io.Writer) (public ht
// CSRF returns a CSRF handler for the given function
func (server *Server) csrf() func(http.Handler) http.Handler {
var opts []csrf.Option
if !server.Config.HTTP.HTTPSEnabled() {
opts = append(opts, csrf.Secure(false))
}
opts = append(opts, csrf.Secure(server.Config.HTTP.HTTPSEnabled()))
opts = append(opts, csrf.SameSite(csrf.SameSiteStrictMode))
opts = append(opts, csrf.CookieName(CSRFCookie))
opts = append(opts, csrf.FieldName(CSRFCookieField))