Skip to content

Commit

Permalink
Merge pull request #20015 from influxdata/session-handler-samesite
Browse files Browse the repository at this point in the history
fix(http): Add same site strict flag to session cookie
pierwill authored Nov 13, 2020

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
2 parents 4efb851 + f7c7665 commit aa1cefa
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions http/session_handler.go
Original file line number Diff line number Diff line change
@@ -176,9 +176,10 @@ func decodeCookieSession(ctx context.Context, r *http.Request) (string, error) {
// SetCookieSession adds a cookie for the session to an http request
func SetCookieSession(key string, r *http.Request) {
c := &http.Cookie{
Name: cookieSessionName,
Value: key,
Secure: true,
Name: cookieSessionName,
Value: key,
Secure: true,
SameSite: http.SameSiteStrictMode,
}

r.AddCookie(c)

0 comments on commit aa1cefa

Please sign in to comment.