From d2bc459b803fc0ef14ee017058aed82536422945 Mon Sep 17 00:00:00 2001 From: Timo Gurr Date: Thu, 7 Jan 2021 14:40:24 +0100 Subject: [PATCH] Add secure/httpOnly attributes to the lang cookie (#9690) (#14279) --- routers/routes/routes.go | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/routers/routes/routes.go b/routers/routes/routes.go index a7b5b5b58952e..0e7934a552ac7 100644 --- a/routers/routes/routes.go +++ b/routers/routes/routes.go @@ -247,13 +247,15 @@ func NewMacaron() *macaron.Macaron { } m.Use(i18n.I18n(i18n.Options{ - SubURL: setting.AppSubURL, - Files: localFiles, - Langs: setting.Langs, - Names: setting.Names, - DefaultLang: "en-US", - Redirect: false, - CookieDomain: setting.SessionConfig.Domain, + SubURL: setting.AppSubURL, + Files: localFiles, + Langs: setting.Langs, + Names: setting.Names, + DefaultLang: "en-US", + Redirect: false, + CookieHttpOnly: true, + Secure: setting.SessionConfig.Secure, + CookieDomain: setting.SessionConfig.Domain, })) m.Use(cache.Cacher(cache.Options{ Adapter: setting.CacheService.Adapter,