Set SameSite=Lax for cookie, fix rarely infinity redirect with SSO

https://stackoverflow.com/a/71467131
Jipok · Feb 14, 2024 · 3361b44 · 3361b44
1 parent 872ba20
commit 3361b44
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/auth-handler.go b/auth-handler.go
@@ -92,7 +92,14 @@ func SSO3(w http.ResponseWriter, req *http.Request) bool {
 	}
 	// We give the user an authorization token from another domain
 	// TODO no 3th redirect
-	http.SetCookie(w, &http.Cookie{Name: "jauth_token", Value: parts[0], HttpOnly: true, SameSite: http.SameSiteStrictMode, Path: "/"})
+	http.SetCookie(w, &http.Cookie{
+		Name: "jauth_token", 
+		Value: parts[0], 
+		HttpOnly: true, 
+		Secure:   true,
+		SameSite: http.SameSiteLaxMode, 
+		Path: "/",
+	})
 	// Redirect to the user's original page
 	http.Redirect(w, req, url, http.StatusFound)
 	return true
@@ -373,7 +380,7 @@ func provideCookieWithNewToken(w http.ResponseWriter, req *http.Request, usernam
 			Value:    token,
 			HttpOnly: true,
 			Secure:   true,
-			SameSite: http.SameSiteStrictMode,
+			SameSite: http.SameSiteLaxMode,
 			Path:     "/",
 		})
 	// MaxAge: -1 mean deleting cookie