From 88e81d4d800ff6433518522954197d75203a25c2 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot
Date: Wed, 29 Aug 2018 21:09:42 -0700
Subject: Set cookie attribute SameSite to strict mode
---
 http/cookie/cookie.go | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'http')
diff --git a/http/cookie/cookie.go b/http/cookie/cookie.go
index d0e55eb..9ac79a1 100644
--- a/http/cookie/cookie.go
+++ b/http/cookie/cookie.go
@@ -27,6 +27,7 @@ func New(name, value string, isHTTPS bool, path string) *http.Cookie {
 Secure: isHTTPS,
 HttpOnly: true,
 Expires: time.Now().Add(cookieDuration * 24 * time.Hour),
+ SameSite: http.SameSiteStrictMode,
 }
 }
 
@@ -40,6 +41,7 @@ func Expired(name string, isHTTPS bool, path string) *http.Cookie {
 HttpOnly: true,
 MaxAge: -1,
 Expires: time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC),
+ SameSite: http.SameSiteStrictMode,
 }
 }
 
--
cgit v1.2.3
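Review bot: The added `SameSite: http.SameSiteStrictMode` field in `New` (and the identical line in `Expired`, second hunk) carries no comment recording its trade-off: Strict withholds the cookie on every cross-site request, including top-level navigations, so a user who arrives from an external link, or from a redirect back from another origin if this cookie holds state for such a flow, reaches the app without a session. If any flow depends on that, `http.SameSiteLaxMode` still withholds the cookie on cross-site POSTs and subrequests while keeping those navigations working. Either way I would put `// SameSite is defense in depth against CSRF; the CSRF token check stays, since older browsers ignore this attribute.` above the field. The `SameSite` field and its constants exist only from Go 1.11, so the minimum toolchain version should be stated wherever the project documents it. Both struct literals begin above the lines shown in their hunks, so the cookie's name, value and path handling is not visible here.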