
Use production values for cookies not dev

tags/v1.1.1^0
Chris Smith 4 years ago
parent
commit
d2fc19e919
Signed by: Chris Smith <chris@chameth.com> GPG Key ID: 3A2D4BBDC4A3C9A9
1 changed files with 2 additions and 2 deletions
  1. 2
    2
      main.go

+ 2
- 2
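--- a/main.go
+++ b/main.go
@@ -159,7 +159,7 @@ func main() {
 	store = sessions.NewCookieStore([]byte(*sessionKey))
 	store.Options =  &sessions.Options{
 		MaxAge:   0,
-		Secure:   false, //true,
+		Secure:   true, // Set to false for local development
 		HttpOnly: true,
 		SameSite: http.SameSiteStrictMode,
 	}
@@ -182,7 +182,7 @@ func main() {
 	r.HandleFunc("/solve", handleSolve).Methods("POST")
 
 	// If developing locally, you'll need to pass csrf.Secure(false) as an argument below.
-	CSRF := csrf.Protect([]byte(*csrfKey), csrf.FieldName(csrfFieldName), csrf.Secure(false))
+	CSRF := csrf.Protect([]byte(*csrfKey), csrf.FieldName(csrfFieldName))
 	err := http.ListenAndServe(fmt.Sprintf(":%d", *port), CSRF(r))
 	if err != nil {
 		_, _ = fmt.Fprintf(os.Stderr, "Unable to listen on port %d: %s\n", *port, err.Error())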
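Review bot: Both secure-cookie settings are still toggled by editing source: the new comment on `Secure: true` and the comment above `csrf.Protect` each tell a developer to change the code for local work, which is presumably how the development values ended up committed before this fix. Consider a single boolean flag that defaults to the production value (the name here is only a suggestion, and the existing flag definitions are outside these hunks) and derive both settings from it: `Secure: !*insecureCookies,` and `csrf.Protect([]byte(*csrfKey), csrf.FieldName(csrfFieldName), csrf.Secure(!*insecureCookies))`. With Secure now set on both cookies, the plain `http.ListenAndServe` call presumably relies on a TLS-terminating proxy in front of the service, because over plain HTTP a browser will not send the session or CSRF cookie back. A one-line comment stating that deployment assumption would help. main() begins and ends outside both hunks.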
