Backport #16037 The i_like_gitea cookie appears to be missing the SameSite settings. I think they were present at some point but may have been removed in a merge. This PR ensures that they are set. Fix #15972 Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
parent
8007602b40
commit
0600f7972a
3 changed files with 3 additions and 0 deletions
|
@ -557,6 +557,7 @@ func Routes() *web.Route {
|
|||
Gclifetime: setting.SessionConfig.Gclifetime,
|
||||
Maxlifetime: setting.SessionConfig.Maxlifetime,
|
||||
Secure: setting.SessionConfig.Secure,
|
||||
SameSite: setting.SessionConfig.SameSite,
|
||||
Domain: setting.SessionConfig.Domain,
|
||||
}))
|
||||
m.Use(securityHeaders())
|
||||
|
|
|
@ -89,6 +89,7 @@ func InstallRoutes() *web.Route {
|
|||
Gclifetime: setting.SessionConfig.Gclifetime,
|
||||
Maxlifetime: setting.SessionConfig.Maxlifetime,
|
||||
Secure: setting.SessionConfig.Secure,
|
||||
SameSite: setting.SessionConfig.SameSite,
|
||||
Domain: setting.SessionConfig.Domain,
|
||||
}))
|
||||
|
||||
|
|
|
@ -135,6 +135,7 @@ func WebRoutes() *web.Route {
|
|||
Gclifetime: setting.SessionConfig.Gclifetime,
|
||||
Maxlifetime: setting.SessionConfig.Maxlifetime,
|
||||
Secure: setting.SessionConfig.Secure,
|
||||
SameSite: setting.SessionConfig.SameSite,
|
||||
Domain: setting.SessionConfig.Domain,
|
||||
}))
|
||||
|
||||
|
|
Reference in a new issue