Kharec/goyco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(middleware): set CSRF cookie HttpOnly false for double-submit from JS

Browse Source
This commit is contained in:
Sandro CURY CAZZANIGA
2026-05-06 20:07:00 +02:00
parent add60ad3c2
commit 2adf72c138
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/middleware/csrf.go
+1 -1
View File
@@ -28,7 +28,7 @@ func SetCSRFToken(w http.ResponseWriter, r *http.Request, token string) {
Name: CSRFTokenCookieName, Name: CSRFTokenCookieName,
Value: token, Value: token,
Path: "/", Path: "/",
HttpOnly: true, HttpOnly: false,
Secure: IsHTTPS(r), Secure: IsHTTPS(r),
SameSite: http.SameSiteLaxMode, SameSite: http.SameSiteLaxMode,
MaxAge: 3600, MaxAge: 3600,