bugfix: Csrf token should be Secure and httpOnly, but not now

dada0z 2022-06-18 19:50:00 +08:00
parent 8b43b87dbb
commit d696a37f48


@ -270,7 +270,7 @@ func (ctx *Context) XSRFToken(key string, expire int64) string {
if !ok { if !ok {
token = string(utils.RandomCreateBytes(32)) token = string(utils.RandomCreateBytes(32))
// TODO make it configurable // TODO make it configurable
ctx.SetSecureCookie(key, "_xsrf", token, expire, "/", "") ctx.SetSecureCookie(key, "_xsrf", token, expire, "/", "", true, true)
} }
ctx._xsrfToken = token ctx._xsrfToken = token
} }
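Review bot: The two `true` literals appended to the `SetSecureCookie` call are unconditional, which makes the TODO above it ("make it configurable") more pressing. Going by the commit title they are presumably the Secure and HttpOnly flags, so a site served over plain HTTP will never get the `_xsrf` cookie back, and any client script that reads the cookie to echo the token in a header or form field stops working. Consider taking both from configuration with secure defaults, e.g. `ctx.SetSecureCookie(key, "_xsrf", token, expire, "/", "", xsrfSecure, xsrfHTTPOnly)` (placeholder names), and replacing the TODO with a comment that names each positional argument. As far as the hunk shows, the call also leaves SameSite unset, which would be worth setting alongside these flags if the cookie helper supports it. The body of `XSRFToken` starts and ends outside this hunk, so how the token is later validated is not visible here.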