From fb656b5124be7f40efd1fd69ede0d686fb623810 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Thu, 7 Jan 2021 15:35:02 +0100 Subject: [PATCH] Add secure/httpOnly attributes to the lang cookie (#14279) (#14280) * Add secure/httpOnly attributes to the lang cookie (#9690) (#14279) * apply to InitLocales() too Co-authored-by: Timo Gurr --- routers/init.go | 16 +++++++++------- routers/routes/routes.go | 16 +++++++++------- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/routers/init.go b/routers/init.go index 34b94eb47137..608db79cb056 100644 --- a/routers/init.go +++ b/routers/init.go @@ -110,13 +110,15 @@ func InitLocales() { } } i18n.I18n(i18n.Options{ - SubURL: setting.AppSubURL, - Files: localFiles, - Langs: setting.Langs, - Names: setting.Names, - DefaultLang: "en-US", - Redirect: false, - CookieDomain: setting.SessionConfig.Domain, + SubURL: setting.AppSubURL, + Files: localFiles, + Langs: setting.Langs, + Names: setting.Names, + DefaultLang: "en-US", + Redirect: false, + CookieHttpOnly: true, + Secure: setting.SessionConfig.Secure, + CookieDomain: setting.SessionConfig.Domain, }) } diff --git a/routers/routes/routes.go b/routers/routes/routes.go index a7b5b5b58952..0e7934a552ac 100644 --- a/routers/routes/routes.go +++ b/routers/routes/routes.go @@ -247,13 +247,15 @@ func NewMacaron() *macaron.Macaron { } m.Use(i18n.I18n(i18n.Options{ - SubURL: setting.AppSubURL, - Files: localFiles, - Langs: setting.Langs, - Names: setting.Names, - DefaultLang: "en-US", - Redirect: false, - CookieDomain: setting.SessionConfig.Domain, + SubURL: setting.AppSubURL, + Files: localFiles, + Langs: setting.Langs, + Names: setting.Names, + DefaultLang: "en-US", + Redirect: false, + CookieHttpOnly: true, + Secure: setting.SessionConfig.Secure, + CookieDomain: setting.SessionConfig.Domain, })) m.Use(cache.Cacher(cache.Options{ Adapter: setting.CacheService.Adapter,