Merge pull request 'Set Secure flag on session cookie for HTTPS' (#37) from fix/session-secure-flag into main

Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/37
Matthew Knight 2026-02-17 23:54:40 +00:00
commit a0fa170a40
2 changed files with 4 additions and 2 deletions


@ -5,6 +5,7 @@ import (
"net/http"
"os"
"os/signal"
"strings"
"syscall"
"time"
@ -54,7 +55,7 @@ func main() {
log.Info().Str("bot_login", forgejoClient.BotLogin).Msg("forgejo bot login initialized")
}
sessionStore := auth.NewPGStore(db, []byte(cfg.SessionSecret))
sessionStore := auth.NewPGStore(db, strings.HasPrefix(cfg.BaseURL, "https"), []byte(cfg.SessionSecret))
authService := auth.NewService(db, sessionStore, emailClient)
ctx, cancel := context.WithCancel(context.Background())
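Review bot: The HTTPS check on the new sessionStore line is a bare prefix match, so a BaseURL configured as `HTTPS://…` gets a non-Secure cookie and any value that merely starts with "https" but is not that scheme gets a Secure one; the decision deserves a case-insensitive scheme comparison such as `secureCookies := strings.HasPrefix(strings.ToLower(cfg.BaseURL), "https://")`, with the result logged at startup so a misconfigured BaseURL that silently disables Secure is visible. If BaseURL is the externally visible origin behind a TLS-terminating proxy this is the right signal, but that reasoning belongs in a comment on the line, e.g. `// Secure cookies are keyed off the public BaseURL scheme rather than the listener, since TLS may terminate at the proxy.` main continues outside the hunk.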


@ -28,7 +28,7 @@ type PGStore struct {
options *sessions.Options
}
func NewPGStore(db *gorm.DB, keyPairs ...[]byte) *PGStore {
func NewPGStore(db *gorm.DB, secure bool, keyPairs ...[]byte) *PGStore {
return &PGStore{
db: db,
codecs: securecookie.CodecsFromPairs(keyPairs...),
@ -36,6 +36,7 @@ func NewPGStore(db *gorm.DB, keyPairs ...[]byte) *PGStore {
Path: "/",
MaxAge: sessionMaxAge,
HttpOnly: true,
Secure: secure,
SameSite: http.SameSiteLaxMode,
},
}
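Review bot: NewPGStore is exported and gains a behaviour-affecting parameter, but neither the new signature line nor the `Secure: secure,` field carries a comment explaining it; add a doc comment above the function along the lines of `// NewPGStore creates a session store backed by db. secure sets the Secure attribute on the session cookie and must be true whenever the site is served over HTTPS, otherwise browsers will also send the cookie over plain HTTP.` Inserting the bool ahead of the variadic keyPairs means any caller still passing key pairs positionally fails to compile instead of silently treating a key as the flag, which is the right outcome here. NewPGStore's body continues past the end of the hunk.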