fix: set cookie Secure=true and SameSite=None for cross-origin auth

This commit is contained in:
Tiago Yamamoto 2026-02-23 13:44:34 -06:00
parent 5ce0980090
commit 3583ef89d8


@ -121,8 +121,8 @@ func (h *CoreHandlers) Login(w http.ResponseWriter, r *http.Request) {
Path: "/", Path: "/",
Expires: time.Now().Add(24 * time.Hour), Expires: time.Now().Add(24 * time.Hour),
HttpOnly: true, HttpOnly: true,
Secure: false, // Set to true in production with HTTPS Secure: true,
SameSite: http.SameSiteLaxMode, SameSite: http.SameSiteNoneMode,
}) })
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
@ -143,8 +143,8 @@ func (h *CoreHandlers) Logout(w http.ResponseWriter, r *http.Request) {
Path: "/", Path: "/",
Expires: time.Now().Add(-24 * time.Hour), // Expire in the past Expires: time.Now().Add(-24 * time.Hour), // Expire in the past
HttpOnly: true, HttpOnly: true,
Secure: false, // Set to true in production with HTTPS Secure: true,
SameSite: http.SameSiteLaxMode, SameSite: http.SameSiteNoneMode,
MaxAge: -1, // Delete cookie immediately MaxAge: -1, // Delete cookie immediately
}) })
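Review bot: Moving the auth cookie from SameSite=Lax to SameSite=None on the `SameSite:` line of the Login hunk gives up the cross-site request protection Lax provided, since browsers will now attach the cookie to requests initiated from any origin; every cookie-authenticated state-changing handler therefore needs an explicit CSRF check that this commit does not add, such as an Origin/Referer allow-list in the middleware that reads this cookie (Go 1.25's `http.CrossOriginProtection` implements that check if the module targets it) or a synchronizer token. The Logout hunk repeats the same attributes, which is correct because a deletion cookie must match the original's Path/Secure/SameSite to be honoured. Hard-coding `Secure: true` also means the cookie is silently dropped when the app is reached over plain http (the situation the removed comment described), so consider driving both attributes from configuration, e.g. `Secure: <cfg-secure-cookies-flag>,` with SameSite falling back to Lax when the frontend is same-site; None is only required when the frontend lives on a different registrable domain. Both enclosing functions, Login and Logout, start and end outside the hunks.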