From e3205fbae9a876f7a6cbaede11f84b5e3e75e44c Mon Sep 17 00:00:00 2001
From: Dakota Walsh
Date: Wed, 11 Sep 2024 14:00:09 +1200
Subject: [PATCH] Set SameSite Strict for CSRF cookies
---
 application/middleware.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/application/middleware.go b/application/middleware.go
index f6e5eed..499b40c 100644
--- a/application/middleware.go
+++ b/application/middleware.go
@@ -49,6 +49,7 @@ func noSurf(next http.Handler) http.Handler {
 HttpOnly: true,
 Path: "/",
 Secure: true,
+ SameSite: http.SameSiteStrictMode,
 })
 return csrfHandler
 }
-- 
2.45.2
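Review bot: `SameSite: http.SameSiteStrictMode` on the added line makes the browser withhold the CSRF cookie on every cross-site request, including top-level link navigations, and nothing in the hunk records that trade-off. If the CSRF handler issues a fresh token whenever the cookie is absent (its setup is outside the hunk, so this is inferred), a visit arriving from an external link could replace the token and invalidate forms already open in another tab; `http.SameSiteLaxMode` would still keep the cookie off cross-site POSTs. Whichever mode is kept, a comment such as `// SameSite is defense in depth; browsers that ignore it still rely on the token check.` above the field would keep later readers from treating the attribute as the primary control. The body of noSurf starts outside the hunk.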