From 8241c05371b4e65fbe30e2e2b842e30d67ce2695 Mon Sep 17 00:00:00 2001 From: zeripath Date: Mon, 31 May 2021 19:22:36 +0100 Subject: [PATCH] Add missing SameSite settings for the i_like_gitea cookie (#16037) Backport #16037 The i_like_gitea cookie appears to be missing the SameSite settings. I think they were present at some point but may have been removed in a merge. This PR ensures that they are set. Fix #15972 Signed-off-by: Andrew Thornton --- routers/api/v1/api.go | 1 + routers/routes/install.go | 1 + routers/routes/web.go | 1 + 3 files changed, 3 insertions(+) diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index 7beaf96020fa4..9fed22113668b 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -557,6 +557,7 @@ func Routes() *web.Route { Gclifetime: setting.SessionConfig.Gclifetime, Maxlifetime: setting.SessionConfig.Maxlifetime, Secure: setting.SessionConfig.Secure, + SameSite: setting.SessionConfig.SameSite, Domain: setting.SessionConfig.Domain, })) m.Use(securityHeaders()) diff --git a/routers/routes/install.go b/routers/routes/install.go index fea396bc26c47..22c9d5febbf92 100644 --- a/routers/routes/install.go +++ b/routers/routes/install.go @@ -89,6 +89,7 @@ func InstallRoutes() *web.Route { Gclifetime: setting.SessionConfig.Gclifetime, Maxlifetime: setting.SessionConfig.Maxlifetime, Secure: setting.SessionConfig.Secure, + SameSite: setting.SessionConfig.SameSite, Domain: setting.SessionConfig.Domain, })) diff --git a/routers/routes/web.go b/routers/routes/web.go index 9910249d7b3ab..39d2d7bef4271 100644 --- a/routers/routes/web.go +++ b/routers/routes/web.go @@ -135,6 +135,7 @@ func WebRoutes() *web.Route { Gclifetime: setting.SessionConfig.Gclifetime, Maxlifetime: setting.SessionConfig.Maxlifetime, Secure: setting.SessionConfig.Secure, + SameSite: setting.SessionConfig.SameSite, Domain: setting.SessionConfig.Domain, }))