From d9cc26a2e0020db1cc9b046a596152a07609387a Mon Sep 17 00:00:00 2001
From: Caleb Doxsey
Date: Fri, 30 Apr 2021 10:24:47 -0600
Subject: [PATCH] authenticate,proxy: add same site lax to cookies (#2159)

---
 authenticate/state.go | 2 ++
 internal/sessions/cookie/cookie_store.go | 2 ++
 proxy/state.go | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/authenticate/state.go b/authenticate/state.go
index 317c39be1..20f1e8e48 100644
--- a/authenticate/state.go
+++ b/authenticate/state.go
@@ -5,6 +5,7 @@ import (
 "crypto/cipher"
 "encoding/base64"
 "fmt"
+ "net/http"
 "net/url"
 "sync/atomic"
 
@@ -117,6 +118,7 @@ func newAuthenticateStateFromConfig(cfg *config.Config) (*authenticateState, err
 Secure: cfg.Options.CookieSecure,
 HTTPOnly: cfg.Options.CookieHTTPOnly,
 Expire: cfg.Options.CookieExpire,
+ SameSite: http.SameSiteLaxMode,
 }
 }, state.sharedEncoder)
 if err != nil {
diff --git a/internal/sessions/cookie/cookie_store.go b/internal/sessions/cookie/cookie_store.go
index a06d9f9dd..a8b2a21a5 100644
--- a/internal/sessions/cookie/cookie_store.go
+++ b/internal/sessions/cookie/cookie_store.go
@@ -42,6 +42,7 @@ type Options struct {
 Expire time.Duration
 HTTPOnly bool
 Secure bool
+ SameSite http.SameSite
 }
 
 // A GetOptionsFunc is a getter for cookie options.
@@ -92,6 +93,7 @@ func (cs *Store) makeCookie(value string) *http.Cookie {
 HttpOnly: opts.HTTPOnly,
 Secure: opts.Secure,
 Expires: timeNow().Add(opts.Expire),
+ SameSite: opts.SameSite,
 }
 }
 
diff --git a/proxy/state.go b/proxy/state.go
index 54cc082ea..be7edf257 100644
--- a/proxy/state.go
+++ b/proxy/state.go
@@ -3,6 +3,7 @@ package proxy
 import (
 "crypto/cipher"
 "encoding/base64"
+ "net/http"
 "net/url"
 "sync/atomic"
 "time"
@@ -85,6 +86,7 @@ func newProxyStateFromConfig(cfg *config.Config) (*proxyState, error) {
 Secure: cfg.Options.CookieSecure,
 HTTPOnly: cfg.Options.CookieHTTPOnly,
 Expire: cfg.Options.CookieExpire,
+ SameSite: http.SameSiteLaxMode,
 }
 }, state.encoder)
 if err != nil {
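Review bot: `SameSite: http.SameSiteLaxMode` is hard-coded in the options closure of newAuthenticateStateFromConfig, while the neighbouring Secure, HTTPOnly and Expire fields are all read from cfg.Options, so a deployment cannot tighten the cookie to Strict or pick another mode, and nothing at the call site records why Lax was chosen. A comment on the new line would capture the reason, for example `// Lax, not Strict: the cookie presumably has to accompany the top-level redirect back from the identity provider.` Lax still attaches the cookie to cross-site top-level GET navigations, so it is defence in depth next to whatever CSRF checks the state-changing handlers already have, not a replacement for them. The same hard-coded value is added in newProxyStateFromConfig in proxy/state.go; both function bodies start and end outside their hunks.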
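Review bot: The new `SameSite http.SameSite` field in Options carries no comment, and its zero value makes net/http omit the SameSite attribute altogether, so any Options value built without setting it keeps the pre-change behaviour and leaves the decision to the browser's default. Only the two constructors touched by this patch set the field; other users of the store, if any exist outside this diff, would be silently unaffected. I would document that on the field: `// SameSite is the cookie's SameSite attribute; the zero value omits it.` The struct declaration begins above the hunk.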
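Review bot: makeCookie copies `opts.SameSite` into the cookie without relating it to `opts.Secure`, and current browsers reject a `SameSite=None` cookie that is not also Secure. Both callers in this patch pass Lax, so the problem is latent, but Options is a general type and the pairing is easy to get wrong later; a guard on `opts.SameSite == http.SameSiteNoneMode && !opts.Secure` that logs or falls back to Lax would catch it. The diffstat lists no test file, so a unit test asserting that the emitted Set-Cookie header carries `SameSite=Lax` would also pin the new behaviour. The function body starts above the hunk.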