From 364f974c0bbcbf02060cf2b2a810ad530eb70c16 Mon Sep 17 00:00:00 2001
From: Maxim Lebedev
Date: Wed, 22 Jun 2022 19:22:19 +0500
Subject: [PATCH] :lock: Updated cookie paths
---
 internal/auth/delivery/http/auth_http.go | 3 +--
 internal/ticket/delivery/http/ticket_http.go | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/internal/auth/delivery/http/auth_http.go b/internal/auth/delivery/http/auth_http.go
index 5173a02..11a996b 100644
--- a/internal/auth/delivery/http/auth_http.go
+++ b/internal/auth/delivery/http/auth_http.go
@@ -141,7 +141,7 @@ func (h *RequestHandler) Register(r *router.Router) {
 ContextKey: "csrf",
 CookieDomain: h.config.Server.Domain,
 CookieName: "__Secure-csrf",
- CookiePath: "",
+ CookiePath: "/authorize",
 TokenLookup: "param:_csrf",
 TokenLength: 0,
 CookieSecure: true,
@@ -239,7 +239,6 @@ func (h *RequestHandler) handleAuthorize(ctx *http.RequestCtx) {
 func (h *RequestHandler) handleVerify(ctx *http.RequestCtx) {
 ctx.Response.Header.Set(http.HeaderAccessControlAllowOrigin, h.config.Server.Domain)
 ctx.SetContentType(common.MIMEApplicationJSONCharsetUTF8)
- ctx.Request.Header.DelCookie("__Secure-csrf")
 encoder := json.NewEncoder(ctx)
diff --git a/internal/ticket/delivery/http/ticket_http.go b/internal/ticket/delivery/http/ticket_http.go
index 68c7aa6..83350b0 100644
--- a/internal/ticket/delivery/http/ticket_http.go
+++ b/internal/ticket/delivery/http/ticket_http.go
@@ -70,7 +70,7 @@ func (h *RequestHandler) Register(r *router.Router) {
 ContextKey: "csrf",
 CookieDomain: h.config.Server.Domain,
 CookieName: "__Secure-csrf",
- CookiePath: "",
+ CookiePath: "/ticket",
 TokenLookup: "form:_csrf",
 TokenLength: 0,
 CookieSecure: true,
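Review bot: In auth_http.go the new `CookiePath: "/authorize"` repeats the route path as a bare string literal, so the CSRF cookie scope and the guarded route can drift apart; if the route is renamed or served under a prefix, the browser no longer sends `__Secure-csrf` there and token validation fails for every request. The same applies to `CookiePath: "/ticket"` in ticket_http.go. Register's body starts and ends outside the hunk, so the route registration is not visible; if it uses the same literal, one shared constant for both would keep them in step. I would also add a comment above the field such as `// Path only limits where the browser sends the CSRF cookie; it is not an isolation boundary, and CookieDomain still scopes it to the whole domain.`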
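Review bot: Cookies issued before this change under the old empty `CookiePath` are not expired anywhere in the patch, so for a while a browser may hold two `__Secure-csrf` cookies with different paths and send both to `/ticket` (and likewise to `/authorize` in auth_http.go). Which of the two the CSRF middleware reads is not visible here and presumably depends on its cookie parsing, so a stale value could make valid form posts fail until the old cookie expires. The auth_http.go hunk also removes the `DelCookie("__Secure-csrf")` call in handleVerify, so an old wide-path cookie now stays in the request seen by that handler. Consider expiring the old cookie once on rollout and marking it with `// TODO: expire pre-path-scoping __Secure-csrf cookie; remove after one cookie lifetime`. Register's body continues outside the hunk, so the cookie lifetime setting is not visible here.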