server/beego
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #4990 from dada0z/develop

Browse Source 
bugfix: Csrf token should be Secure and httpOnly, but not now
This commit is contained in:
Ming Deng 2022-06-18 23:19:56 +08:00 committed by GitHub
commit 7fa92f927a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/web/context/context.go
View File

@ -270,7 +270,7 @@ func (ctx *Context) XSRFToken(key string, expire int64) string {
if !ok {
token = string(utils.RandomCreateBytes(32))
// TODO make it configurable
ctx.SetSecureCookie(key, "_xsrf", token, expire, "/", "")
ctx.SetSecureCookie(key, "_xsrf", token, expire, "/", "", true, true)
}
ctx._xsrfToken = token
}