From 57b80f5f3c20a75adf59115882f9715501d4a69a Mon Sep 17 00:00:00 2001
From: Jason McNeil
Date: Wed, 1 Dec 2021 10:33:04 -0400
Subject: [PATCH] CookieSameSite default "Lax"
---
 middleware/csrf/README.md | 6 +++---
 middleware/csrf/config.go | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/middleware/csrf/README.md b/middleware/csrf/README.md
index f88a1e58cc..eb516a85ba 100644
--- a/middleware/csrf/README.md
+++ b/middleware/csrf/README.md
@@ -46,7 +46,7 @@ app.Use(csrf.New()) // Default config
 app.Use(csrf.New(csrf.Config{
 KeyLookup: "header:X-Csrf-Token",
 CookieName: "csrf_",
- CookieSameSite: "Strict",
+ CookieSameSite: "Lax",
 Expiration: 1 * time.Hour,
 KeyGenerator: utils.UUID,
 }))
@@ -106,7 +106,7 @@ type Config struct {
 CookieHTTPOnly bool

 // Indicates if CSRF cookie is requested by SameSite.
- // Optional. Default value "Strict".
+ // Optional. Default value "Lax".
 CookieSameSite string

 // Expiration is the duration before csrf token will expire
@@ -138,7 +138,7 @@ type Config struct {
 var ConfigDefault = Config{
 KeyLookup: "header:X-Csrf-Token",
 CookieName: "csrf_",
- CookieSameSite: "Strict",
+ CookieSameSite: "Lax",
 Expiration: 1 * time.Hour,
 KeyGenerator: utils.UUID,
 }
diff --git a/middleware/csrf/config.go b/middleware/csrf/config.go
index c4b76e0b10..afd586b56d 100644
--- a/middleware/csrf/config.go
+++ b/middleware/csrf/config.go
@@ -50,7 +50,7 @@ type Config struct {
 CookieHTTPOnly bool

 // Value of SameSite cookie.
- // Optional. Default value "Strict".
+ // Optional. Default value "Lax".
 CookieSameSite string

 // Expiration is the duration before csrf token will expire
@@ -96,7 +96,7 @@ type Config struct {
 var ConfigDefault = Config{
 KeyLookup: "header:X-Csrf-Token",
 CookieName: "csrf_",
- CookieSameSite: "Strict",
+ CookieSameSite: "Lax",
 Expiration: 1 * time.Hour,
 KeyGenerator: utils.UUID,
 ErrorHandler: defaultErrorHandler,
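Review bot: The new `CookieSameSite: "Lax"` default in `ConfigDefault` (config.go, hunk at line 96) relaxes the cookie policy for every application that relies on the defaults, yet neither the field comment nor the commit message records why or what changes. With `Lax` the browser also attaches the CSRF cookie on cross-site top-level navigations that use safe methods, which `Strict` withheld; cross-site POSTs still arrive without it. I would spell that out on the field in the hunk at line 50, for example `// Optional. Default value "Lax". Use "Strict" to withhold the cookie on all cross-site requests.`, and mirror the wording in the README. The `ConfigDefault` literal continues past the end of the hunk, so whether `CookieSecure` or `CookieHTTPOnly` are set there cannot be confirmed from here; presumably they keep their zero values, which would be worth checking alongside this change.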