toby3d/auth
toby3d
/
auth
1
0
Fork 0
Code Actions Packages Releases Activity

🔒 Updated cookie paths

This commit is contained in:
Maxim Lebedev 2022-06-22 19:22:19 +05:00
parent d464e2ee38
commit 364f974c0b
Signed by: toby3d
GPG Key ID: 1F14E25B7C119FC5
2 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
internal/auth/delivery/http/auth_http.go
View File

@ -141,7 +141,7 @@ func (h *RequestHandler) Register(r *router.Router) {
ContextKey: "csrf",
CookieDomain: h.config.Server.Domain,
CookieName: "__Secure-csrf",
CookiePath: "",
CookiePath: "/authorize",
TokenLookup: "param:_csrf",
TokenLength: 0,
CookieSecure: true,
@ -239,7 +239,6 @@ func (h *RequestHandler) handleAuthorize(ctx *http.RequestCtx) {
func (h *RequestHandler) handleVerify(ctx *http.RequestCtx) {
ctx.Response.Header.Set(http.HeaderAccessControlAllowOrigin, h.config.Server.Domain)
ctx.SetContentType(common.MIMEApplicationJSONCharsetUTF8)
ctx.Request.Header.DelCookie("__Secure-csrf")
encoder := json.NewEncoder(ctx)

2
internal/ticket/delivery/http/ticket_http.go
View File

@ -70,7 +70,7 @@ func (h *RequestHandler) Register(r *router.Router) {
ContextKey: "csrf",
CookieDomain: h.config.Server.Domain,
CookieName: "__Secure-csrf",
CookiePath: "",
CookiePath: "/ticket",
TokenLookup: "form:_csrf",
TokenLength: 0,
CookieSecure: true,