From 4030e9c36ebd22d2e9c647a1ba286390361b4f63 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Fri, 25 Apr 2025 22:20:42 -0600
Subject: feat: do not allow js to access cookie
---
 pkg/web/cookie/new.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'pkg')
diff --git a/pkg/web/cookie/new.go b/pkg/web/cookie/new.go
index 2809640..335b305 100644
--- a/pkg/web/cookie/new.go
+++ b/pkg/web/cookie/new.go
@@ -9,13 +9,13 @@ import (

 func New(name, value string, expires time.Time) *http.Cookie {
 return &http.Cookie{
- Name: name,
- Value: value, // TODO:: digitally sign the value
- Expires: expires,
- MaxAge: int(time.Until(expires).Seconds()),
- Path: "/",
- // HttpOnly: true,
- // Secure: true,
+ Name: name,
+ Value: value, // TODO:: digitally sign the value
+ Expires: expires,
+ MaxAge: int(time.Until(expires).Seconds()),
+ Path: "/",
+ HttpOnly: true,
+ Secure: true,
 SameSite: http.SameSiteDefaultMode,
 Domain: env.Fetch("HOST", "localhost"),
 }
-- cgit v1.2.3
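Review bot: `SameSite: http.SameSiteDefaultMode`, the context line directly after the new `Secure: true`, leaves cross-site sending of this cookie to each browser's own default, so the hardening here stops short of pinning CSRF behaviour; consider `SameSite: http.SameSiteLaxMode,` (or `http.SameSiteStrictMode` if the cookie is never needed on cross-site navigations). Setting `Domain` from `HOST` also widens the cookie to subdomains of that host, whereas omitting `Domain` keeps it host-only; if subdomain sharing is intended, a comment saying so would help. With `Secure: true` now unconditional and `localhost` as the fallback host, plain-HTTP local development relies on the browser treating localhost as a trustworthy origin, which is not uniform across browsers, so a short comment on that field (or in the README) is worth adding. The value is still unsigned per the existing TODO, so callers should presumably not treat it as tamper-proof. The closing brace of `New` lies outside this hunk.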