akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity

fix(auth): update SameSite cookie policy description for clarity

Browse Source
This commit is contained in:
GitHub Actions
2026-03-15 03:23:06 +00:00
parent f33ab83b7c
commit fd58f9d99a
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
backend/internal/api/handlers/auth_handler.go
View File

@@ -128,7 +128,8 @@ func isLocalRequest(c *gin.Context) bool {
// setSecureCookie sets an auth cookie with security best practices // setSecureCookie sets an auth cookie with security best practices
// - HttpOnly: prevents JavaScript access (XSS protection) // - HttpOnly: prevents JavaScript access (XSS protection)
// - Secure: true for HTTPS; false for local/private network HTTP requests // - Secure: true for HTTPS; false for local/private network HTTP requests
// - SameSite: Strict for HTTPS, Lax for HTTP/IP to allow forward-auth redirects // - SameSite: Lax for any local/private-network request (regardless of scheme),
// Strict otherwise (public HTTPS only)
func setSecureCookie(c *gin.Context, name, value string, maxAge int) { func setSecureCookie(c *gin.Context, name, value string, maxAge int) {
scheme := requestScheme(c) scheme := requestScheme(c)
secure := true secure := true