domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706)

Browse source
This commit is contained in:
SagePtr 2018-08-14 22:16:37 +02:00 committed by Lauris BH
parent ca112f0a04
commit 0449330dbc
4 changed files with 26 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

4
routers/user/auth_openid.go
View file

@ -45,13 +45,13 @@ func SignInOpenID(ctx *context.Context) {
redirectTo := ctx.Query("redirect_to")
if len(redirectTo) > 0 {
ctx.SetCookie("redirect_to", redirectTo, 0, setting.AppSubURL)
ctx.SetCookie("redirect_to", redirectTo, 0, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
} else {
redirectTo, _ = url.QueryUnescape(ctx.GetCookie("redirect_to"))
}
if isSucceed {
ctx.SetCookie("redirect_to", "", -1, setting.AppSubURL)
ctx.SetCookie("redirect_to", "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
ctx.RedirectToFirst(redirectTo)
return
}