summaryrefslogtreecommitdiff
path: root/pkg/web/cookie
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/web/cookie')
-rw-r--r--pkg/web/cookie/cookie_test.go8
-rw-r--r--pkg/web/cookie/new.go2
2 files changed, 6 insertions, 4 deletions
diff --git a/pkg/web/cookie/cookie_test.go b/pkg/web/cookie/cookie_test.go
index 9ac1817..f7f013d 100644
--- a/pkg/web/cookie/cookie_test.go
+++ b/pkg/web/cookie/cookie_test.go
@@ -1,6 +1,7 @@
package cookie
import (
+ "net/http"
"testing"
"time"
@@ -13,9 +14,10 @@ func TestCookie(t *testing.T) {
t.Run("returns a cookie pinned to the HOST", func(t *testing.T) {
env.With(env.Vars{"HOST": "sparkle.example.com"}, func() {
cookie := New("name", "value", time.Now().Add(1*time.Minute))
- assert.Equal(t, cookie.Domain, "sparkle.example.com")
- assert.Equal(t, cookie.HttpOnly, true)
- assert.Equal(t, cookie.Secure, true)
+ assert.Equal(t, "sparkle.example.com", cookie.Domain)
+ assert.Equal(t, true, cookie.HttpOnly)
+ assert.Equal(t, true, cookie.Secure)
+ assert.Equal(t, http.SameSiteStrictMode, cookie.SameSite)
})
})
})
diff --git a/pkg/web/cookie/new.go b/pkg/web/cookie/new.go
index 335b305..d4d0700 100644
--- a/pkg/web/cookie/new.go
+++ b/pkg/web/cookie/new.go
@@ -16,7 +16,7 @@ func New(name, value string, expires time.Time) *http.Cookie {
Path: "/",
HttpOnly: true,
Secure: true,
- SameSite: http.SameSiteDefaultMode,
+ SameSite: http.SameSiteStrictMode,
Domain: env.Fetch("HOST", "localhost"),
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-02 21:51:26 +0000