Merge pull request #4990 from dada0z/develop

bugfix: Csrf token should be Secure and httpOnly, but not now
Ming Deng 2022-06-18 23:19:56 +08:00 committed by GitHub
commit 7fa92f927a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -270,7 +270,7 @@ func (ctx *Context) XSRFToken(key string, expire int64) string {
if !ok { if !ok {
token = string(utils.RandomCreateBytes(32)) token = string(utils.RandomCreateBytes(32))
// TODO make it configurable // TODO make it configurable
ctx.SetSecureCookie(key, "_xsrf", token, expire, "/", "") ctx.SetSecureCookie(key, "_xsrf", token, expire, "/", "", true, true)
} }
ctx._xsrfToken = token ctx._xsrfToken = token
} }
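Review bot: The two `true` literals added to the `SetSecureCookie` call in `XSRFToken` are hard-coded, while the `// TODO make it configurable` comment directly above them is left unaddressed. Assuming they map to the cookie's Secure and HttpOnly attributes, as the commit title says, a browser will not send `_xsrf` back over plain HTTP, so the `!ok` branch would presumably mint a fresh token on every request and XSRF validation would fail for any deployment not served over TLS. HttpOnly also stops page script from reading the cookie, so clients that copy it into a request header need the token from server-rendered markup instead. I would read both flags from configuration with secure defaults, and at minimum record the constraint next to the call: `// _xsrf is Secure+HttpOnly: requires HTTPS; pages must take the token from the rendered form/meta tag, not document.cookie`. The body of `XSRFToken` starts outside the hunk, so how `key` and `expire` are chosen is not visible here.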