gitea/gitea
0
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-06-23 06:28:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706)

Browse Source
This commit is contained in:
SagePtr
2018-08-14 22:16:37 +02:00
committed by Lauris BH
parent ca112f0a04
commit 0449330dbc
4 changed files with 26 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
routers/routes/routes.go
View File

@ -116,12 +116,13 @@ func NewMacaron() *macaron.Macaron {
}))
m.Use(session.Sessioner(setting.SessionConfig))
m.Use(csrf.Csrfer(csrf.Options{
Secret: setting.SecretKey,
Cookie: setting.CSRFCookieName,
SetCookie: true,
Secure: setting.SessionConfig.Secure,
Header: "X-Csrf-Token",
CookiePath: setting.AppSubURL,
Secret: setting.SecretKey,
Cookie: setting.CSRFCookieName,
SetCookie: true,
Secure: setting.SessionConfig.Secure,
CookieHttpOnly: true,
Header: "X-Csrf-Token",
CookiePath: setting.AppSubURL,
}))
m.Use(toolbox.Toolboxer(m, toolbox.Options{
HealthCheckFuncs: []*toolbox.HealthCheckFuncDesc{