mirror of
https://github.com/nitnelave/lldap.git
synced 2023-04-12 14:25:13 +00:00
Mark cookies as sameSite=Strict
This commit is contained in:
parent
4d9f554fe6
commit
312d9b7a6f
@ -23,7 +23,7 @@ pub fn set_cookie(cookie_name: &str, value: &str, expiration: &DateTime<Utc>) ->
|
||||
d.dyn_into::<web_sys::HtmlDocument>()
|
||||
.map_err(|_| anyhow!("Document is not an HTMLDocument"))
|
||||
})?;
|
||||
doc.set_cookie(&format!("{}={};expires={}", cookie_name, value, expiration))
|
||||
doc.set_cookie(&format!("{}={};expires={};sameSite=Strict", cookie_name, value, expiration))
|
||||
.map_err(|_| anyhow!("Could not set cookie"))
|
||||
}
|
||||
|
||||
|
@ -5,7 +5,7 @@ use actix_http::HttpServiceBuilder;
|
||||
use actix_server::ServerBuilder;
|
||||
use actix_service::{map_config, Service};
|
||||
use actix_web::{
|
||||
cookie::Cookie,
|
||||
cookie::{Cookie, SameSite},
|
||||
dev::{AppConfig, ServiceRequest},
|
||||
error::{ErrorBadRequest, ErrorUnauthorized},
|
||||
web, App, HttpRequest, HttpResponse,
|
||||
@ -97,6 +97,7 @@ where
|
||||
.max_age(1.days())
|
||||
.path("/api")
|
||||
.http_only(true)
|
||||
.same_site(SameSite::Strict)
|
||||
.finish(),
|
||||
)
|
||||
.body(token.as_str().to_owned()),
|
||||
|
Loading…
Reference in New Issue
Block a user