mirrors/navidrome
1
0
Fork 0
mirror of https://github.com/navidrome/navidrome.git synced 2025-04-05 21:47:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

fix:(middlewares.go) - Set Cookie SameSite mode to Strict - 1776 (#1777)

Browse source 
* None is deprecated and will fallback to Lax in the future.
* Using Strict is future proof and provides additional CSR protection

Signed-off-by: Manuel Kroeber <manuel.kroeber@gmail.com>

Signed-off-by: Manuel Kroeber <manuel.kroeber@gmail.com>
This commit is contained in:
Manuel 2022-09-27 23:58:47 +02:00 committed by GitHub
parent 751e42c705
commit 72cde6dfde
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
server/middlewares.go
View file

@ -112,7 +112,7 @@ func clientUniqueIdAdder(next http.Handler) http.Handler {
MaxAge: consts.CookieExpiry, MaxAge: consts.CookieExpiry,
HttpOnly: true, HttpOnly: true,
Secure: true, Secure: true,
SameSite: http.SameSiteNoneMode, SameSite: http.SameSiteStrictMode,
Path: "/", Path: "/",
} }
http.SetCookie(w, c) http.SetCookie(w, c)

1
server/subsonic/middlewares.go
View file

@ -161,6 +161,7 @@ func getPlayer(players core.Players) func(next http.Handler) http.Handler {
Value: player.ID, Value: player.ID,
MaxAge: consts.CookieExpiry, MaxAge: consts.CookieExpiry,
HttpOnly: true, HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/", Path: "/",
} }
http.SetCookie(w, cookie) http.SetCookie(w, cookie)