authormo khan <mo@mokhan.ca>2025-04-25 22:20:42 -0600
committermo khan <mo@mokhan.ca>2025-04-28 09:07:31 -0600
commit4030e9c36ebd22d2e9c647a1ba286390361b4f63 (patch)
tree5c4ff36e469c29e6436a36eeb8a9505403179243 /pkg/web
parent59cf768ec72f1ad2cefb8085dee8667f40a13fcc (diff)
feat: do not allow js to access cookie
Diffstat (limited to 'pkg/web')
-rw-r--r--pkg/web/cookie/new.go14
1 files changed, 7 insertions, 7 deletions
diff --git a/pkg/web/cookie/new.go b/pkg/web/cookie/new.go
index 2809640..335b305 100644
--- a/pkg/web/cookie/new.go
+++ b/pkg/web/cookie/new.go
@@ -9,13 +9,13 @@ import (
func New(name, value string, expires time.Time) *http.Cookie {
return &http.Cookie{
- Name: name,
- Value: value, // TODO:: digitally sign the value
- Expires: expires,
- MaxAge: int(time.Until(expires).Seconds()),
- Path: "/",
- // HttpOnly: true,
- // Secure: true,
+ Name: name,
+ Value: value, // TODO:: digitally sign the value
+ Expires: expires,
+ MaxAge: int(time.Until(expires).Seconds()),
+ Path: "/",
+ HttpOnly: true,
+ Secure: true,
SameSite: http.SameSiteDefaultMode,
Domain: env.Fetch("HOST", "localhost"),
}
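Review bot: `SameSite: http.SameSiteDefaultMode`, on the context line right after the new `Secure: true`, pins no explicit policy and leaves cross-site sending of this cookie to each browser's default; `SameSite: http.SameSiteLaxMode,` (or `http.SameSiteStrictMode` if this cookie carries a session) would make the behaviour uniform. The `Domain: env.Fetch("HOST", "localhost")` line also widens the cookie to subdomains of HOST, so if that sharing is not required, dropping `Domain` yields a host-only cookie. Because `Secure: true` is now unconditional while HOST defaults to `localhost`, a comment such as `// Secure: sent over HTTPS only; some browsers reject it on plain-HTTP localhost` would document the development-time consequence. The closing brace of New lies outside the hunk, so anything after the literal is not visible here.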