commit 09d6478d72fb91b7e18fbd96abebbfd574e02a6b
parent dc2421752feb97bed9b09f500b97d120e19d032c
Author: Shadowfacts <me@shadowfacts.net>
Date: Tue, 15 Feb 2022 10:00:07 -0500
[bugfix] Only mark cookies as Secure on https (#398)
Fixes cookies not being stored/sent by Safari when serving over plain http
Diffstat:
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/internal/router/session.go b/internal/router/session.go
@@ -38,10 +38,10 @@ func SessionOptions() sessions.Options {
return sessions.Options{
Path: "/",
Domain: viper.GetString(config.Keys.Host),
- MaxAge: 120, // 2 minutes
- Secure: true, // only use cookie over https
- HttpOnly: true, // exclude javascript from inspecting cookie
- SameSite: http.SameSiteDefaultMode, // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
+ MaxAge: 120, // 2 minutes
+ Secure: viper.GetString(config.Keys.Protocol) == "https", // only use cookie over https
+ HttpOnly: true, // exclude javascript from inspecting cookie
+ SameSite: http.SameSiteDefaultMode, // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
}
}
