|
|
@@ -18,20 +18,26 @@ const (
|
|
|
|
|
|
// New creates a new cookie.
|
|
|
func New(name, value string, isHTTPS bool, path string) *http.Cookie {
|
|
|
- return &http.Cookie{
|
|
|
+ cookie := &http.Cookie{
|
|
|
Name: name,
|
|
|
Value: value,
|
|
|
Path: basePath(path),
|
|
|
Secure: isHTTPS,
|
|
|
HttpOnly: true,
|
|
|
Expires: time.Now().Add(time.Duration(config.Opts.CleanupRemoveSessionsDays()) * 24 * time.Hour),
|
|
|
- SameSite: http.SameSiteLaxMode,
|
|
|
+ SameSite: http.SameSiteStrictMode,
|
|
|
}
|
|
|
+
|
|
|
+ // OAuth doesn't work when cookies are in strict mode.
|
|
|
+ if config.Opts.OAuth2Provider() != "" {
|
|
|
+ cookie.SameSite = http.SameSiteLaxMode
|
|
|
+ }
|
|
|
+ return cookie
|
|
|
}
|
|
|
|
|
|
// Expired returns an expired cookie.
|
|
|
func Expired(name string, isHTTPS bool, path string) *http.Cookie {
|
|
|
- return &http.Cookie{
|
|
|
+ cookie := &http.Cookie{
|
|
|
Name: name,
|
|
|
Value: "",
|
|
|
Path: basePath(path),
|
|
|
@@ -39,8 +45,14 @@ func Expired(name string, isHTTPS bool, path string) *http.Cookie {
|
|
|
HttpOnly: true,
|
|
|
MaxAge: -1,
|
|
|
Expires: time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC),
|
|
|
- SameSite: http.SameSiteLaxMode,
|
|
|
+ SameSite: http.SameSiteStrictMode,
|
|
|
+ }
|
|
|
+
|
|
|
+ // OAuth doesn't work when cookies are in strict mode.
|
|
|
+ if config.Opts.OAuth2Provider() != "" {
|
|
|
+ cookie.SameSite = http.SameSiteLaxMode
|
|
|
}
|
|
|
+ return cookie
|
|
|
}
|
|
|
|
|
|
func basePath(path string) string {
|
Julien Voisin