forked from forgejo/forgejo

Support secure cookie for csrf-token (#3839)

* dep: Update github.com/go-macaron/csrf

Update github.com/go-macaron/csrf with dep to revision 503617c6b372
to fix the issue of csrf-token security.

This update includes the following commits:
- Add support for the Cookie HttpOnly flag
- Support secure mode for csrf cookie

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>

* routers: set csrf-token security depending on COOKIE_SECURE

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>
Aleksandr Bulyshchenko 2018-05-22 02:09:48 +03:00 committed by Lauris BH
parent 31067c0a89
commit ee878e3951
3 changed files with 21 additions and 8 deletions


@ -119,6 +119,7 @@ func NewMacaron() *macaron.Macaron {
Secret: setting.SecretKey,
Cookie: setting.CSRFCookieName,
SetCookie: true,
Secure: setting.SessionConfig.Secure,
Header: "X-Csrf-Token",
CookiePath: setting.AppSubURL,
}))
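
Review bot: the added `Secure: setting.SessionConfig.Secure,` line ties the CSRF cookie's Secure flag to the session cookie setting without saying so in the code. Add a short comment in this options block noting that COOKIE_SECURE governs both cookies, so a later change to the session configuration does not alter CSRF cookie behaviour unnoticed. The commit message also says the dependency update adds support for the HttpOnly flag, yet nothing in this options block sets it. Either set the corresponding option here or state why it is left at its default. Because this flag changes which connections the browser will send the cookie on, a test covering both values of the setting would be worth adding alongside the change.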