minor: sessions: set SameSite to Lax when sharable with subdomains is…

… not disabled.
kataras · Aug 16, 2019 · 6bbdd3d · 6bbdd3d
1 parent c781be7
commit 6bbdd3d
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 3 deletions.
diff --git a/_examples/file-server/embedding-files-into-app/main_test.go b/_examples/file-server/embedding-files-into-app/main_test.go
@@ -54,7 +54,7 @@ func (r resource) loadFromBase(dir string) string {
 	result := string(b)
 
 	if runtime.GOOS != "windows" {
-		// result = strings.Replace(result, "\n", "\r\n", -1)
+		result = strings.Replace(result, "\n", "\r\n", -1)
 	}
 	return result
 }

diff --git a/_examples/file-server/embedding-gziped-files-into-app/main_test.go b/_examples/file-server/embedding-gziped-files-into-app/main_test.go
@@ -55,7 +55,7 @@ func (r resource) loadFromBase(dir string) string {
 	result := string(b)
 
 	if runtime.GOOS != "windows" {
-		// result = strings.Replace(result, "\n", "\r\n", -1)
+		result = strings.Replace(result, "\n", "\r\n", -1)
 	}
 	return result
 }

diff --git a/_examples/file-server/single-page-application/embedded-single-page-application/main_test.go b/_examples/file-server/single-page-application/embedded-single-page-application/main_test.go
@@ -47,7 +47,7 @@ func (r resource) loadFromBase(dir string) string {
 	}
 	result := string(b)
 	if runtime.GOOS != "windows" {
-		// result = strings.Replace(result, "\n", "\r\n", -1)
+		result = strings.Replace(result, "\n", "\r\n", -1)
 	}
 	return result
 }

diff --git a/sessions/sessions.go b/sessions/sessions.go
@@ -45,6 +45,10 @@ func (s *Sessions) updateCookie(ctx context.Context, sid string, expires time.Du
 	cookie.Path = "/"
 	cookie.Domain = formatCookieDomain(ctx, s.config.DisableSubdomainPersistence)
 	cookie.HttpOnly = true
+	if !s.config.DisableSubdomainPersistence {
+		cookie.SameSite = http.SameSiteLaxMode // allow subdomain sharing.
+	}
+
 	// MaxAge=0 means no 'Max-Age' attribute specified.
 	// MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
 	// MaxAge>0 means Max-Age attribute present and given in seconds