server/beego
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bugfix: Csrf token should be Secure and httpOnly, but not now

Browse Source
This commit is contained in:
dada0z 2022-06-18 19:50:00 +08:00
parent 8b43b87dbb
commit d696a37f48
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/web/context/context.go
View File

@ -270,7 +270,7 @@ func (ctx *Context) XSRFToken(key string, expire int64) string {
if !ok {
token = string(utils.RandomCreateBytes(32))
// TODO make it configurable
ctx.SetSecureCookie(key, "_xsrf", token, expire, "/", "")
ctx.SetSecureCookie(key, "_xsrf", token, expire, "/", "", true, true)
}
ctx._xsrfToken = token
}