Merge pull request #90 from xy-planning-network/dlk/cookie-same-site

http/session/store: set cookie SameSite=Strict
xy-planning-network · Oct 31, 2024 · 59b7724 · 59b7724
2 parents 71b38df + e3ad53f
commit 59b7724
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/http/session/store.go b/http/session/store.go
@@ -101,8 +101,9 @@ func NewStoreService(cfg Config) (Service, error) {
 	}
 
 	c.Options.Domain = cfg.Domain
-	c.Options.Secure = !(s.env.IsDevelopment() || s.env.IsTesting())
 	c.Options.HttpOnly = true
+	c.Options.SameSite = http.SameSiteStrictMode
+	c.Options.Secure = !(s.env.IsDevelopment() || s.env.IsTesting())
 	c.MaxAge(cfg.MaxAge)
 
 	s.store = c