mirror of
https://github.com/kataras/iris.git
synced 2025-02-09 02:34:55 +01:00
minor: sessions: set SameSite to Lax when sharable with subdomains is not disabled.
Former-commit-id: d0b15433d5f325f24972669b485be9cf5be6d68a
parent
aee0503913
commit
db433f7dca
|
@ -54,7 +54,7 @@ func (r resource) loadFromBase(dir string) string {
|
||||||
result := string(b)
|
result := string(b)
|
||||||
|
|
||||||
if runtime.GOOS != "windows" {
|
if runtime.GOOS != "windows" {
|
||||||
// result = strings.Replace(result, "\n", "\r\n", -1)
|
result = strings.Replace(result, "\n", "\r\n", -1)
|
||||||
}
|
}
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
|
@ -55,7 +55,7 @@ func (r resource) loadFromBase(dir string) string {
|
||||||
result := string(b)
|
result := string(b)
|
||||||
|
|
||||||
if runtime.GOOS != "windows" {
|
if runtime.GOOS != "windows" {
|
||||||
// result = strings.Replace(result, "\n", "\r\n", -1)
|
result = strings.Replace(result, "\n", "\r\n", -1)
|
||||||
}
|
}
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
|
@ -47,7 +47,7 @@ func (r resource) loadFromBase(dir string) string {
|
||||||
}
|
}
|
||||||
result := string(b)
|
result := string(b)
|
||||||
if runtime.GOOS != "windows" {
|
if runtime.GOOS != "windows" {
|
||||||
// result = strings.Replace(result, "\n", "\r\n", -1)
|
result = strings.Replace(result, "\n", "\r\n", -1)
|
||||||
}
|
}
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
|
@ -45,6 +45,10 @@ func (s *Sessions) updateCookie(ctx context.Context, sid string, expires time.Du
|
||||||
cookie.Path = "/"
|
cookie.Path = "/"
|
||||||
cookie.Domain = formatCookieDomain(ctx, s.config.DisableSubdomainPersistence)
|
cookie.Domain = formatCookieDomain(ctx, s.config.DisableSubdomainPersistence)
|
||||||
cookie.HttpOnly = true
|
cookie.HttpOnly = true
|
||||||
|
if !s.config.DisableSubdomainPersistence {
|
||||||
|
cookie.SameSite = http.SameSiteLaxMode // allow subdomain sharing.
|
||||||
|
}
|
||||||
|
|
||||||
// MaxAge=0 means no 'Max-Age' attribute specified.
|
// MaxAge=0 means no 'Max-Age' attribute specified.
|
||||||
// MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
|
// MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
|
||||||
// MaxAge>0 means Max-Age attribute present and given in seconds
|
// MaxAge>0 means Max-Age attribute present and given in seconds
|
||||||
|
|
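Review bot: The added `if !s.config.DisableSubdomainPersistence` branch sets `SameSite=Lax` only when subdomain sharing is enabled, so with `DisableSubdomainPersistence` set the field keeps its zero value and net/http emits no SameSite attribute, leaving cross-site handling of the session cookie to each browser's default. The inline comment `// allow subdomain sharing.` is also misleading: sharing across subdomains is controlled by `cookie.Domain`, whereas SameSite restricts whether the cookie accompanies cross-site requests, and subdomains of one registrable domain already count as same-site. I would set it unconditionally, `cookie.SameSite = http.SameSiteLaxMode // limit cross-site sends of the session cookie`, or expose the mode as a session config field. No `cookie.Secure` assignment is visible in this hunk; updateCookie starts before and continues after it, so that may be handled elsewhere.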