Skip to content
Permalink
Browse files Browse the repository at this point in the history
Support secure mode for csrf cookie (#7)
Options struct has Secure flag for csrf cookie, but it's just ignored
and corresponding argument of SetCookie() is hardcodded to false.

This pass Options.Secure to SetCookie in csrf.Generate()

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>
  • Loading branch information
AleksandrBulyshchenko authored and unknwon committed Apr 26, 2018
1 parent 428b7c6 commit dadd171
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion csrf.go
Expand Up @@ -222,7 +222,7 @@ func Generate(options ...Options) macaron.Handler {
// FIXME: actionId.
x.Token = GenerateToken(x.Secret, x.ID, "POST")
if opt.SetCookie {
ctx.SetCookie(opt.Cookie, x.Token, 0, opt.CookiePath, "", false, opt.CookieHttpOnly, time.Now().AddDate(0, 0, 1))
ctx.SetCookie(opt.Cookie, x.Token, 0, opt.CookiePath, "", opt.Secure, opt.CookieHttpOnly, time.Now().AddDate(0, 0, 1))
}
}

Expand Down

0 comments on commit dadd171

Please sign in to comment.