fix(middleware/session): CookieSameSite default "Lax" (#1638)

* CookieSameSite default "Lax" * Update README.md * CookieSameSite default "Lax" * Revert "CookieSameSite default "Lax"" This reverts commit 4141877.
gofiber · Dec 2, 2021 · 693f3c5 · 693f3c5
1 parent af6b204
commit 693f3c5
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 3 deletions.
diff --git a/middleware/session/README.md b/middleware/session/README.md
@@ -140,8 +140,8 @@ type Config struct {
 	// Optional. Default value false.
 	CookieHTTPOnly bool
 
-	// Indicates if CSRF cookie is HTTP only.
-	// Optional. Default value false.
+	// Sets the CSRF cookie SameSite attribute.
+	// Optional. Default value "Lax".
 	CookieSameSite string
 
 	// KeyGenerator generates the session key.

diff --git a/middleware/session/session.go b/middleware/session/session.go
@@ -202,7 +202,6 @@ func (s *Session) setSession() {
 		fcookie.SetSecure(s.config.CookieSecure)
 		fcookie.SetHTTPOnly(s.config.CookieHTTPOnly)
 
-		// TODO Default value should be set to `strict` in fiber v3.
 		switch utils.ToLower(s.config.CookieSameSite) {
 		case "strict":
 			fcookie.SetSameSite(fasthttp.CookieSameSiteStrictMode)