authorLibravatar tobi <31960611+tsmethurst@users.noreply.github.com>2022-05-25 18:08:12 +0200
committerLibravatar GitHub <noreply@github.com>2022-05-25 18:08:12 +0200
commitf848aaa81f04666dae29e0bb85ccf31d30574de7 (patch)
tree18357cadd4e4adf2f8aae7b8c68274395ca70ec5
parent[chore] Serialize times as UTC ISO8601 instead of RFC3339 (#602) (diff)
downloadgotosocial-f848aaa81f04666dae29e0bb85ccf31d30574de7.tar.xz
[security] Set SameSite to `strict` instead of browser default (#606)
-rw-r--r--internal/router/session.go2
1 files changed, 1 insertions, 1 deletions
diff --git a/internal/router/session.go b/internal/router/session.go
index 4c83b5902..a2cbff7d1 100644
--- a/internal/router/session.go
+++ b/internal/router/session.go
@@ -42,7 +42,7 @@ func SessionOptions() sessions.Options {
MaxAge: 120, // 2 minutes
Secure: viper.GetString(config.Keys.Protocol) == "https", // only use cookie over https
HttpOnly: true, // exclude javascript from inspecting cookie
- SameSite: http.SameSiteDefaultMode, // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
+ SameSite: http.SameSiteStrictMode, // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
}
}
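Review bot: The new SameSite line carries only a link to the -00 draft and no comment on what Strict costs, which matters for a session cookie: browsers omit a Strict cookie on every cross-site request, including top-level navigations such as a redirect back from an external identity provider, so if any step of the flow this 2-minute session (MaxAge on the line above) protects returns through a cross-site redirect, the cookie is absent on that first request and the flow fails; Lax would still send it on top-level GET navigations while blocking cross-site POSTs. If the flow never re-enters via a cross-site redirect, Strict is the right choice and the comment should say so, e.g. `SameSite: http.SameSiteStrictMode, // withheld on all cross-site requests, including top-level navigations; CSRF hardening, safe here because the flow is completed by same-site requests only`. The struct literal and SessionOptions begin above the hunk, so the MaxAge/Secure lines shown are only part of the returned options.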