fix:(middlewares.go) - Set Cookie SameSite mode to Strict - 1776 (#1777)
* None is deprecated and will fall back to Lax in the future.
* Using Strict is future-proof and provides additional CSR protection

Signed-off-by: Manuel Kroeber <manuel.kroeber@gmail.com>

ElectronicWar committed Sep 27, 2022
1 parent 751e42c commit 72cde6d
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion server/middlewares.go
Expand Up @@ -112,7 +112,7 @@ func clientUniqueIdAdder(next http.Handler) http.Handler {
MaxAge: consts.CookieExpiry,
HttpOnly: true,
Secure: true,
SameSite: http.SameSiteNoneMode,
SameSite: http.SameSiteStrictMode,
Path: "/",
}
http.SetCookie(w, c)
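Review bot: the switch from `http.SameSiteNoneMode` to `http.SameSiteStrictMode` in `clientUniqueIdAdder` changes when the browser sends this cookie, and neither the code nor the commit message says so. With Strict the cookie is left off every cross-site request, including a top-level navigation that arrives from a link on another site, so the handler behind this middleware will see such requests without it. Worth confirming that no supported deployment relies on cross-site delivery (for example the UI embedded in a page on another site), and adding a short comment above the `SameSite:` line stating why Strict was chosen over Lax. Since the same value is now also set in `server/subsonic/middlewares.go`, a shared constant next to `consts.CookieExpiry` would keep the two cookies from drifting apart.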
1 change: 1 addition & 0 deletions server/subsonic/middlewares.go
Expand Up @@ -161,6 +161,7 @@ func getPlayer(players core.Players) func(next http.Handler) http.Handler {
Value: player.ID,
MaxAge: consts.CookieExpiry,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/",
}
http.SetCookie(w, cookie)
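Review bot: the cookie built in `getPlayer` gains `SameSite: http.SameSiteStrictMode`, but the visible fields still carry no `Secure: true`, unlike the cookie in `server/middlewares.go`, which sets both. If that is deliberate (Subsonic clients connecting over plain HTTP), a comment saying so would help; otherwise set `Secure` here as well so the player ID is not sent over an unencrypted connection. This cookie also had no SameSite attribute before, so the added line is a behaviour change rather than a like-for-like swap: a browser-based client served from a different site will stop sending it, which the commit message does not mention.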