http cookie: add max-age and samesite

update deps too
Nicola Murino
2021-05-16 09:13:00 +02:00
parent 15d6cd144a
commit 019b0f2fd5
6 changed files with 56 additions and 73 deletions


@@ -136,21 +136,25 @@ func (c *jwtTokenClaims) createAndSetCookie(w http.ResponseWriter, r *http.Reque
Value: resp["access_token"].(string),
Path: basePath,
Expires: time.Now().Add(tokenDuration),
MaxAge: int(tokenDuration / time.Second),
HttpOnly: true,
Secure: isTLS(r),
SameSite: http.SameSiteStrictMode,
})
return nil
}
func (c *jwtTokenClaims) removeCookie(w http.ResponseWriter, r *http.Request) {
func (c *jwtTokenClaims) removeCookie(w http.ResponseWriter, r *http.Request, cookiePath string) {
http.SetCookie(w, &http.Cookie{
Name: "jwt",
Value: "",
Path: webBasePath,
Path: cookiePath,
Expires: time.Unix(0, 0),
MaxAge: -1,
HttpOnly: true,
Secure: isTLS(r),
SameSite: http.SameSiteStrictMode,
})
invalidateToken(r)
}
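Review bot: removeCookie now takes the cookie path from its caller, and a browser only discards the `jwt` cookie when the Path on the expiring Set-Cookie matches the Path it was originally set with, so a caller that passes anything other than the `basePath` given to createAndSetCookie leaves the cookie in the browser. invalidateToken(r) still runs, so whether a leftover cookie stays usable depends on that function, which is outside the hunk. I would document the contract on the function, for example `// removeCookie expires the jwt cookie; cookiePath must equal the Path used by createAndSetCookie, otherwise the browser keeps the cookie.` The callers and the beginning of createAndSetCookie are not visible here, so the paths actually passed could not be checked.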