tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-08-12 12:38:20 +00:00
Code Releases Activity

Make cookies HttpOnly and obey COOKIE_SECURE flag (#4707)

Browse Source
This commit is contained in:
SagePtr
2018-08-14 22:19:20 +02:00
committed by techknowlogick
parent cbe8a1f0e6
commit 052aa54b2b
4 changed files with 26 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
routers/routes/routes.go
View File

@@ -116,12 +116,13 @@ func NewMacaron() *macaron.Macaron {
}))
m.Use(session.Sessioner(setting.SessionConfig))
m.Use(csrf.Csrfer(csrf.Options{
Secret: setting.SecretKey,
Cookie: setting.CSRFCookieName,
SetCookie: true,
Secure: setting.SessionConfig.Secure,
Header: "X-Csrf-Token",
CookiePath: setting.AppSubURL,
Secret: setting.SecretKey,
Cookie: setting.CSRFCookieName,
SetCookie: true,
Secure: setting.SessionConfig.Secure,
CookieHttpOnly: true,
Header: "X-Csrf-Token",
CookiePath: setting.AppSubURL,
}))
m.Use(toolbox.Toolboxer(m, toolbox.Options{
HealthCheckFuncs: []*toolbox.HealthCheckFuncDesc{