Skip to content

Commit

Permalink
Add missing SameSite settings for the i_like_gitea cookie
Browse files Browse the repository at this point in the history
The i_like_gitea cookie appears to be missing the SameSite settings. I think they
were present at some point but may have been removed in a merge.

This PR ensures that they are set.

Fix go-gitea#15972

Signed-off-by: Andrew Thornton <[email protected]>
  • Loading branch information
zeripath committed May 31, 2021
1 parent 3720503 commit 7582776
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions routers/api/v1/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -557,6 +557,7 @@ func Routes() *web.Route {
Gclifetime: setting.SessionConfig.Gclifetime,
Maxlifetime: setting.SessionConfig.Maxlifetime,
Secure: setting.SessionConfig.Secure,
SameSite: setting.SessionConfig.SameSite,
Domain: setting.SessionConfig.Domain,
}))
m.Use(securityHeaders())
Expand Down
1 change: 1 addition & 0 deletions routers/routes/install.go
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,7 @@ func InstallRoutes() *web.Route {
Gclifetime: setting.SessionConfig.Gclifetime,
Maxlifetime: setting.SessionConfig.Maxlifetime,
Secure: setting.SessionConfig.Secure,
SameSite: setting.SessionConfig.SameSite,
Domain: setting.SessionConfig.Domain,
}))

Expand Down
1 change: 1 addition & 0 deletions routers/routes/web.go
Original file line number Diff line number Diff line change
Expand Up @@ -161,6 +161,7 @@ func WebRoutes() *web.Route {
Gclifetime: setting.SessionConfig.Gclifetime,
Maxlifetime: setting.SessionConfig.Maxlifetime,
Secure: setting.SessionConfig.Secure,
SameSite: setting.SessionConfig.SameSite,
Domain: setting.SessionConfig.Domain,
}))

Expand Down

0 comments on commit 7582776

Please sign in to comment.