public/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-29 10:57:44 +09:00
Code Issues Packages Projects Releases Wiki Activity

Support secure cookie for csrf-token (#3839)

Browse Source 
* dep: Update github.com/go-macaron/csrf

Update github.com/go-macaron/csrf with dep to revision 503617c6b372
to fix issue of csrf-token security.

This update includes following commits:
- Add support for the Cookie HttpOnly flag
- Support secure mode for csrf cookie

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>

* routers: set csrf-token security depending on COOKIE_SECURE

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>
This commit is contained in:
Aleksandr Bulyshchenko
2018-05-22 02:09:48 +03:00
committed by Lauris BH
parent 31067c0a89
commit ee878e3951
3 changed files with 21 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
routers/routes/routes.go
View File

@@ -119,6 +119,7 @@ func NewMacaron() *macaron.Macaron {
Secret: setting.SecretKey,
Cookie: setting.CSRFCookieName,
SetCookie: true,
Secure: setting.SessionConfig.Secure,
Header: "X-Csrf-Token",
CookiePath: setting.AppSubURL,
}))