feat: add CSRF cookie protection

2025-10-28 12:45:47 +00:00 · 2025-04-14 20:00:58 +03:00
parent eb36b2211b
commit 02faabf688
3 changed files with 46 additions and 10 deletions
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -2,7 +2,6 @@ package auth

 import (
 	"fmt"
-	"net/http"
 	"regexp"
 	"slices"
 	"strings"
@@ -42,7 +41,6 @@ func (auth *Auth) GetSession(c *gin.Context) (*sessions.Session, error) {
 		MaxAge:   auth.Config.SessionExpiry,
 		Secure:   auth.Config.CookieSecure,
 		HttpOnly: true,
-		SameSite: http.SameSiteDefaultMode,
 		Domain:   fmt.Sprintf(".%s", auth.Config.Domain),
 	}