Set SameSite cookie attribute to Strict

2020-08-05 21:19:02 -07:00 · 2020-08-05 21:19:02 -07:00 · 5ac55518ab
commit 5ac55518ab
parent 514f518d2a
1 changed files with 2 additions and 2 deletions
--- a/http/cookie/cookie.go
+++ b/http/cookie/cookie.go
@ -27,7 +27,7 @@ func New(name, value string, isHTTPS bool, path string) *http.Cookie {
 		Secure:   isHTTPS,
 		HttpOnly: true,
 		Expires:  time.Now().Add(cookieDuration * 24 * time.Hour),
-		SameSite: http.SameSiteLaxMode,
+		SameSite: http.SameSiteStrictMode,
 	}
 }

@ -41,7 +41,7 @@ func Expired(name string, isHTTPS bool, path string) *http.Cookie {
 		HttpOnly: true,
 		MaxAge:   -1,
 		Expires:  time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC),
-		SameSite: http.SameSiteLaxMode,
+		SameSite: http.SameSiteStrictMode,
 	}
 }