🔒 Updated cookie paths
This commit is contained in:
parent
d464e2ee38
commit
364f974c0b
|
@ -141,7 +141,7 @@ func (h *RequestHandler) Register(r *router.Router) {
|
||||||
ContextKey: "csrf",
|
ContextKey: "csrf",
|
||||||
CookieDomain: h.config.Server.Domain,
|
CookieDomain: h.config.Server.Domain,
|
||||||
CookieName: "__Secure-csrf",
|
CookieName: "__Secure-csrf",
|
||||||
CookiePath: "",
|
CookiePath: "/authorize",
|
||||||
TokenLookup: "param:_csrf",
|
TokenLookup: "param:_csrf",
|
||||||
TokenLength: 0,
|
TokenLength: 0,
|
||||||
CookieSecure: true,
|
CookieSecure: true,
|
||||||
|
@ -239,7 +239,6 @@ func (h *RequestHandler) handleAuthorize(ctx *http.RequestCtx) {
|
||||||
func (h *RequestHandler) handleVerify(ctx *http.RequestCtx) {
|
func (h *RequestHandler) handleVerify(ctx *http.RequestCtx) {
|
||||||
ctx.Response.Header.Set(http.HeaderAccessControlAllowOrigin, h.config.Server.Domain)
|
ctx.Response.Header.Set(http.HeaderAccessControlAllowOrigin, h.config.Server.Domain)
|
||||||
ctx.SetContentType(common.MIMEApplicationJSONCharsetUTF8)
|
ctx.SetContentType(common.MIMEApplicationJSONCharsetUTF8)
|
||||||
ctx.Request.Header.DelCookie("__Secure-csrf")
|
|
||||||
|
|
||||||
encoder := json.NewEncoder(ctx)
|
encoder := json.NewEncoder(ctx)
|
||||||
|
|
||||||
|
|
|
@ -70,7 +70,7 @@ func (h *RequestHandler) Register(r *router.Router) {
|
||||||
ContextKey: "csrf",
|
ContextKey: "csrf",
|
||||||
CookieDomain: h.config.Server.Domain,
|
CookieDomain: h.config.Server.Domain,
|
||||||
CookieName: "__Secure-csrf",
|
CookieName: "__Secure-csrf",
|
||||||
CookiePath: "",
|
CookiePath: "/ticket",
|
||||||
TokenLookup: "form:_csrf",
|
TokenLookup: "form:_csrf",
|
||||||
TokenLength: 0,
|
TokenLength: 0,
|
||||||
CookieSecure: true,
|
CookieSecure: true,
|
||||||
|
|
Loading…
Reference in New Issue