Skip to content

Commit

Permalink
CookieSameSite default "Lax" (#1640)
Browse files Browse the repository at this point in the history
  • Loading branch information
@sixcolors
sixcolors committed Dec 2, 2021
1 parent c9e959c commit af6b204
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 5 deletions.
6 changes: 3 additions & 3 deletions middleware/csrf/README.md
View file
Expand Up @@ -46,7 +46,7 @@ app.Use(csrf.New()) // Default config
app.Use(csrf.New(csrf.Config{
KeyLookup: "header:X-Csrf-Token",
CookieName: "csrf_",
CookieSameSite: "Strict",
CookieSameSite: "Lax",
Expiration: 1 * time.Hour,
KeyGenerator: utils.UUID,
}))
Expand Down Expand Up @@ -106,7 +106,7 @@ type Config struct {
CookieHTTPOnly bool

// Indicates if CSRF cookie is requested by SameSite.
// Optional. Default value "Strict".
// Optional. Default value "Lax".
CookieSameSite string

// Expiration is the duration before csrf token will expire
Expand Down Expand Up @@ -138,7 +138,7 @@ type Config struct {
var ConfigDefault = Config{
KeyLookup: "header:X-Csrf-Token",
CookieName: "csrf_",
CookieSameSite: "Strict",
CookieSameSite: "Lax",
Expiration: 1 * time.Hour,
KeyGenerator: utils.UUID,
}
Expand Down
4 changes: 2 additions & 2 deletions middleware/csrf/config.go
View file
Expand Up @@ -50,7 +50,7 @@ type Config struct {
CookieHTTPOnly bool

// Value of SameSite cookie.
// Optional. Default value "Strict".
// Optional. Default value "Lax".
CookieSameSite string

// Expiration is the duration before csrf token will expire
Expand Down Expand Up @@ -96,7 +96,7 @@ type Config struct {
var ConfigDefault = Config{
KeyLookup: "header:X-Csrf-Token",
CookieName: "csrf_",
CookieSameSite: "Strict",
CookieSameSite: "Lax",
Expiration: 1 * time.Hour,
KeyGenerator: utils.UUID,
ErrorHandler: defaultErrorHandler,
Expand Down

1 comment on commit af6b204

@Fenny
Copy link
Member

@Fenny Fenny commented on af6b204 Dec 2, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 2.

Benchmark suite Current: af6b204 Previous: c9e959c Ratio
Benchmark_App_ETag 9819 ns/op 1044 B/op 3 allocs/op 3611 ns/op 1044 B/op 3 allocs/op 2.72
Benchmark_App_ETag_Weak 7368 ns/op 1076 B/op 4 allocs/op 3683 ns/op 1076 B/op 4 allocs/op 2.00
Benchmark_Ctx_Write 65.5 ns/op 72 B/op 0 allocs/op 30.9 ns/op 71 B/op 0 allocs/op 2.12
Benchmark_Utils_ETag 7441 ns/op 1044 B/op 3 allocs/op 3620 ns/op 1044 B/op 3 allocs/op 2.06
Benchmark_Utils_ETag_Weak 7417 ns/op 1076 B/op 4 allocs/op 3695 ns/op 1076 B/op 4 allocs/op 2.01

This comment was automatically generated by workflow using github-action-benchmark.

Please sign in to comment.