Kharec/goyco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(middleware): set CSRF cookie HttpOnly false for double-submit from JS

Browse Source
This commit is contained in:
Sandro CURY CAZZANIGA
2026-05-06 20:07:00 +02:00
parent add60ad3c2
commit 2adf72c138
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/middleware/csrf.go
+1 -1
View File
@@ -28,7 +28,7 @@ func SetCSRFToken(w http.ResponseWriter, r *http.Request, token string) {
Name: CSRFTokenCookieName,
Value: token,
Path: "/",
HttpOnly: true,
HttpOnly: false,
Secure: IsHTTPS(r),
SameSite: http.SameSiteLaxMode,
MaxAge: 3600,