Add secure/httpOnly attributes to the lang cookie (#14279) (#14280)

* Add secure/httpOnly attributes to the lang cookie (#9690) (#14279) * apply to InitLocales() too Co-authored-by: Timo Gurr <timo.gurr@gmail.com>
2021-01-07 15:35:02 +01:00 · 2021-01-07 15:35:02 +01:00 · fb656b5124
parent 4be59eb5d9
commit fb656b5124
2 changed files with 18 additions and 14 deletions
--- a/routers/init.go
+++ b/routers/init.go
@ -110,13 +110,15 @@ func InitLocales() {
 		}
 	}
 	i18n.I18n(i18n.Options{
-		SubURL:       setting.AppSubURL,
-		Files:        localFiles,
-		Langs:        setting.Langs,
-		Names:        setting.Names,
-		DefaultLang:  "en-US",
-		Redirect:     false,
-		CookieDomain: setting.SessionConfig.Domain,
+		SubURL:         setting.AppSubURL,
+		Files:          localFiles,
+		Langs:          setting.Langs,
+		Names:          setting.Names,
+		DefaultLang:    "en-US",
+		Redirect:       false,
+		CookieHttpOnly: true,
+		Secure:         setting.SessionConfig.Secure,
+		CookieDomain:   setting.SessionConfig.Domain,
 	})
 }

--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@ -247,13 +247,15 @@ func NewMacaron() *macaron.Macaron {
 	}

 	m.Use(i18n.I18n(i18n.Options{
-		SubURL:       setting.AppSubURL,
-		Files:        localFiles,
-		Langs:        setting.Langs,
-		Names:        setting.Names,
-		DefaultLang:  "en-US",
-		Redirect:     false,
-		CookieDomain: setting.SessionConfig.Domain,
+		SubURL:         setting.AppSubURL,
+		Files:          localFiles,
+		Langs:          setting.Langs,
+		Names:          setting.Names,
+		DefaultLang:    "en-US",
+		Redirect:       false,
+		CookieHttpOnly: true,
+		Secure:         setting.SessionConfig.Secure,
+		CookieDomain:   setting.SessionConfig.Domain,
 	}))
 	m.Use(cache.Cacher(cache.Options{
 		Adapter:       setting.CacheService.Adapter,