	Add SameSite setting for cookies (#14900)
Add SameSite setting for cookies and rationalise the cookie setting code. Switches SameSite to Lax by default. There is a possible future extension of differentiating which cookies could be set at Strict by default but that is for a future PR. Fix #5583 Signed-off-by: Andrew Thornton <art27@cantab.net>
		
					parent
					
						
							
								beed5476e2
							
						
					
				
			
			
				commit
				
					
						9b261f52f0
					
				
			
		
					 14 changed files with 184 additions and 45 deletions
				
			
		|  | @ -17,6 +17,7 @@ import ( | |||
| 	"code.gitea.io/gitea/modules/setting" | ||||
| 	"code.gitea.io/gitea/modules/structs" | ||||
| 	"code.gitea.io/gitea/modules/util" | ||||
| 	"code.gitea.io/gitea/modules/web/middleware" | ||||
| 	"code.gitea.io/gitea/routers/user" | ||||
| ) | ||||
| 
 | ||||
|  | @ -46,7 +47,7 @@ func Home(ctx *context.Context) { | |||
| 		} else if ctx.User.MustChangePassword { | ||||
| 			ctx.Data["Title"] = ctx.Tr("auth.must_change_password") | ||||
| 			ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password" | ||||
| 			ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL) | ||||
| 			middleware.SetRedirectToCookie(ctx.Resp, setting.AppSubURL+ctx.Req.URL.RequestURI()) | ||||
| 			ctx.Redirect(setting.AppSubURL + "/user/settings/change_password") | ||||
| 		} else { | ||||
| 			user.Dashboard(ctx) | ||||
|  |  | |||
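Review bot: The value passed to `middleware.SetRedirectToCookie` in the `MustChangePassword` branch of `Home` is still built from `ctx.Req.URL.RequestURI()`, so the cookie holds request-derived data, and nothing in this section shows where it is validated. Whatever reads `redirect_to` after the password change should accept only a local path under `setting.AppSubURL` before redirecting; a comment above the call such as `// redirect_to is request-derived; the consumer must reject non-local targets` would record that contract. The old call passed max-age `0` and path `setting.AppSubURL` explicitly, whereas the helper presumably now chooses those together with the SameSite value; its definition is outside this section, so it is worth confirming that the cookie path and session lifetime are unchanged. `Home` starts and ends outside the hunk.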