Mark cookies as sameSite=Strict

This commit is contained in:
Valentin Tolmer 2021-05-19 18:08:26 +02:00
parent 4d9f554fe6
commit 312d9b7a6f
2 changed files with 3 additions and 2 deletions


@ -23,7 +23,7 @@ pub fn set_cookie(cookie_name: &str, value: &str, expiration: &DateTime<Utc>) ->
d.dyn_into::<web_sys::HtmlDocument>() d.dyn_into::<web_sys::HtmlDocument>()
.map_err(|_| anyhow!("Document is not an HTMLDocument")) .map_err(|_| anyhow!("Document is not an HTMLDocument"))
})?; })?;
doc.set_cookie(&format!("{}={};expires={}", cookie_name, value, expiration)) doc.set_cookie(&format!("{}={};expires={};sameSite=Strict", cookie_name, value, expiration))
.map_err(|_| anyhow!("Could not set cookie")) .map_err(|_| anyhow!("Could not set cookie"))
} }
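Review bot: The new `sameSite=Strict` attribute is appended to a cookie string built with `format!` from `cookie_name` and `value`, neither of which is visibly encoded, so a `value` containing `;` would end the name=value pair early and the attributes that follow it (including the one this commit adds) would not apply. If callers can pass such values, encode `value` before formatting or document the precondition on `set_cookie`, e.g. `/// `value` must not contain `;` — it is interpolated unencoded into `document.cookie`.` The cookie also carries no `secure` attribute; if the page is served over HTTPS, `"{}={};expires={};sameSite=Strict;secure"` keeps it off plaintext connections. `set_cookie` begins above this hunk, so I cannot see whether an earlier line already validates the inputs.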


@ -5,7 +5,7 @@ use actix_http::HttpServiceBuilder;
use actix_server::ServerBuilder; use actix_server::ServerBuilder;
use actix_service::{map_config, Service}; use actix_service::{map_config, Service};
use actix_web::{ use actix_web::{
cookie::Cookie, cookie::{Cookie, SameSite},
dev::{AppConfig, ServiceRequest}, dev::{AppConfig, ServiceRequest},
error::{ErrorBadRequest, ErrorUnauthorized}, error::{ErrorBadRequest, ErrorUnauthorized},
web, App, HttpRequest, HttpResponse, web, App, HttpRequest, HttpResponse,
@ -97,6 +97,7 @@ where
.max_age(1.days()) .max_age(1.days())
.path("/api") .path("/api")
.http_only(true) .http_only(true)
.same_site(SameSite::Strict)
.finish(), .finish(),
) )
.body(token.as_str().to_owned()), .body(token.as_str().to_owned()),
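Review bot: The builder chain now sets `http_only(true)` and `same_site(SameSite::Strict)` but still no `secure` flag, so the token cookie is sent over plain HTTP as well as HTTPS. If the server is always reached over TLS (directly or behind a terminating proxy), add `.secure(true)` after `.http_only(true)`; if plain HTTP is needed for local development, derive the flag from configuration rather than leaving it off. The enclosing function starts before this hunk (`where` clause at the hunk header), so I cannot see whether a scheme check already exists there.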