Add __Host- prefix, set X-XSS-Protection to 0, require go1.11
This commit is contained in:
Ken-Håvard Lieng
parent
d844f6ee1a
commit
ca4db66308
6 changed files with 53 additions and 24 deletions
35
pkg/cookie/cookie.go
Normal file
35
pkg/cookie/cookie.go
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
package cookie
|
||||
|
||||
import "net/http"
|
||||
|
||||
const HostPrefix = "__Host-"
|
||||
|
||||
func Harden(r *http.Request, cookie *http.Cookie) *http.Cookie {
|
||||
cookie.HttpOnly = true
|
||||
cookie.Secure = r.TLS != nil
|
||||
|
||||
if cookie.Path == "" {
|
||||
cookie.Path = "/"
|
||||
}
|
||||
|
||||
if cookie.Path == "/" && cookie.Secure {
|
||||
cookie.Name = HostPrefix + cookie.Name
|
||||
}
|
||||
|
||||
if cookie.SameSite == 0 {
|
||||
cookie.SameSite = http.SameSiteLaxMode
|
||||
}
|
||||
|
||||
return cookie
|
||||
}
|
||||
|
||||
func Set(w http.ResponseWriter, r *http.Request, cookie *http.Cookie) {
|
||||
http.SetCookie(w, Harden(r, cookie))
|
||||
}
|
||||
|
||||
func Name(r *http.Request, name string) string {
|
||||
if r.TLS != nil {
|
||||
return HostPrefix + name
|
||||
}
|
||||
return name
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue