
Commit c9bb2b7

authored
chore: fix CSRF (#876)
1 parent 64e5c34 commit c9bb2b7


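--- a/server/acl.go
+++ b/server/acl.go
@@ -27,6 +27,7 @@ func setUserSession(ctx echo.Context, user *api.User) error {
 Path: "/",
 MaxAge: 3600 * 24 * 30,
 HttpOnly: true,
+SameSite: http.SameSiteStrictMode,
 }
 sess.Values[userIDContextKey] = user.ID
 err := sess.Save(ctx.Request(), ctx.Response())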
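Review bot: The session cookie options now carry HttpOnly and SameSite but still no Secure flag, so the session cookie will be sent over plain HTTP if the site is ever reachable that way. If the deployment terminates TLS in front of this server, add `Secure: true,` next to the new SameSite line; if it also has to work over plain HTTP in development, gate it on the profile/mode rather than omitting it. A one-line comment such as `// Strict SameSite keeps the session cookie off cross-site requests, which is the CSRF defence for cookie-authenticated routes.` would record why Strict rather than Lax was chosen. setUserSession begins before this hunk and its remainder (the sess.Save error handling) is outside it.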

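--- a/server/server.go
+++ b/server/server.go
@@ -36,6 +36,10 @@ func NewServer(profile *profile.Profile) *Server {
 `"status":${status},"error":"${error}"}` + "\n",
 }))
 
+e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
+TokenLookup: "cookie:_csrf",
+}))
+
 e.Use(middleware.CORS())
 
 e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{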
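Review bot: `TokenLookup: "cookie:_csrf"` appears to defeat the check it installs: in Echo's CSRF middleware, TokenLookup names where the client-submitted token is read so it can be compared against the `_csrf` cookie (the default CookieName), and reading the submitted token from that same cookie compares the value with itself. Because browsers attach cookies to cross-site requests automatically, a cross-site form post would still pass, which is exactly what CSRF middleware is meant to stop. Keep the default `TokenLookup: "header:X-CSRF-Token",` (or a form/query lookup) and have the front end echo the cookie value into that header; please confirm against the Echo version in go.mod, which is not visible here. It would also be worth setting the cookie attributes on this config (e.g. `CookieSameSite: http.SameSiteStrictMode,`) so the CSRF cookie matches the session cookie hardened in server/acl.go. NewServer starts and ends outside this hunk.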
