feat: support for securing cookies
noxecane committed Aug 25, 2024
1 parent 63bb875 commit 5540e16
Showing 1 changed file with 29 additions and 0 deletions.
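--- a/html/cookies.go
+++ b/html/cookies.go
@@ -0,0 +1,29 @@
+package html
+
+import (
+"net/http"
+)
+
+// SecureCookie makes sure the passed cookies is only accessible
+// to the browser, over HTTPS from the server's domain(for PUT, POST e.t.c)
+func SecureCookie(appEnv string, cookie *http.Cookie) *http.Cookie {
+cookie.HttpOnly = true // No JS access
+cookie.Secure = appEnv != "dev" // HTTPS only
+
+if appEnv != "dev" {
+cookie.SameSite = http.SameSiteLaxMode
+}
+
+return cookie
+}
+
+// LockCookie is SecureCookie with strict mode for same site settings
+func LockCookie(appEnv string, cookie *http.Cookie) *http.Cookie {
+SecureCookie(appEnv, cookie)
+
+if appEnv != "dev" {
+cookie.SameSite = http.SameSiteStrictMode
+}
+
+return cookie
+}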
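Review bot: The `appEnv != "dev"` guard around `cookie.SameSite` in SecureCookie (and again in LockCookie) leaves SameSite at whatever the caller passed when running in dev, so cross-site behaviour in development depends on the browser default and can differ from production. Only `Secure` needs HTTPS; `SameSite=Lax` and `Strict` work over plain HTTP, so the assignment can be unconditional: `cookie.SameSite = http.SameSiteLaxMode` (and `http.SameSiteStrictMode` in LockCookie). The doc comment on SecureCookie would be more accurate if it said that Lax still sends the cookie on cross-site top-level GET navigations, so handlers that change state on GET are not protected by this helper alone. Both functions dereference `cookie` without a nil check and mutate the caller's value in place, which is worth stating in the doc comments.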
