From d2bc459b803fc0ef14ee017058aed82536422945 Mon Sep 17 00:00:00 2001
From: Timo Gurr
Date: Thu, 7 Jan 2021 14:40:24 +0100
Subject: [PATCH 1/2] Add secure/httpOnly attributes to the lang cookie (#9690) (#14279)
---
 routers/routes/routes.go | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/routers/routes/routes.go b/routers/routes/routes.go
index a7b5b5b58952e..0e7934a552ac7 100644
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -247,13 +247,15 @@ func NewMacaron() *macaron.Macaron {
 }
 m.Use(i18n.I18n(i18n.Options{
- SubURL: setting.AppSubURL,
- Files: localFiles,
- Langs: setting.Langs,
- Names: setting.Names,
- DefaultLang: "en-US",
- Redirect: false,
- CookieDomain: setting.SessionConfig.Domain,
+ SubURL: setting.AppSubURL,
+ Files: localFiles,
+ Langs: setting.Langs,
+ Names: setting.Names,
+ DefaultLang: "en-US",
+ Redirect: false,
+ CookieHttpOnly: true,
+ Secure: setting.SessionConfig.Secure,
+ CookieDomain: setting.SessionConfig.Domain,
 }))
 m.Use(cache.Cacher(cache.Options{
 Adapter: setting.CacheService.Adapter,
From 7cc3f1e909c5467fdaf14ed04e7e72f1cb9044e7 Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Thu, 7 Jan 2021 14:47:23 +0100
Subject: [PATCH 2/2] apply to InitLocales() too
---
 routers/init.go | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/routers/init.go b/routers/init.go
index 34b94eb47137f..608db79cb056c 100644
--- a/routers/init.go
+++ b/routers/init.go
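Review bot: In NewMacaron (routers/routes/routes.go), `Secure: setting.SessionConfig.Secure` makes the lang cookie's Secure flag follow the session cookie setting, so on a deployment that serves HTTPS but leaves that setting off, the cookie is still issued without Secure; the setting's default is not visible in this hunk. A short comment on that line would make the coupling explicit, for example `// lang cookie inherits the session cookie's Secure setting; enable it whenever the site is served over HTTPS`. `CookieHttpOnly: true` also hides the cookie from page scripts, so it is worth confirming that no frontend code reads the language from the cookie. NewMacaron's body starts and continues outside the hunk.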
@@ -110,13 +110,15 @@ func InitLocales() {
 }
 }
 i18n.I18n(i18n.Options{
- SubURL: setting.AppSubURL,
- Files: localFiles,
- Langs: setting.Langs,
- Names: setting.Names,
- DefaultLang: "en-US",
- Redirect: false,
- CookieDomain: setting.SessionConfig.Domain,
+ SubURL: setting.AppSubURL,
+ Files: localFiles,
+ Langs: setting.Langs,
+ Names: setting.Names,
+ DefaultLang: "en-US",
+ Redirect: false,
+ CookieHttpOnly: true,
+ Secure: setting.SessionConfig.Secure,
+ CookieDomain: setting.SessionConfig.Domain,
 })
 }
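Review bot: The options literal in InitLocales (routers/init.go) is a field-for-field copy of the one in NewMacaron, which is why the cookie flags had to be added a second time in this patch, and the next cookie-attribute change can miss one copy again. The result of `i18n.I18n(...)` is discarded on the visible lines, so the cookie fields presumably affect no response here and the call matters only for loading locales. Building the options in one helper used by both call sites, e.g. `i18n.I18n(localeOptions(localFiles))` (helper name illustrative), would keep the cookie attributes in a single place. Where such a helper can live depends on the package import graph, which is not visible here. InitLocales begins outside the hunk.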