Merge branch 'dev' of https://github.com/ClusterCockpit/cc-backend into dev

2025-07-22 20:41:40 +02:00 · 2024-11-28 15:18:14 +01:00
parent 2aef6ed9c0 01b1136316
commit e2efe71b33
3 changed files with 62 additions and 58 deletions
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -188,6 +188,10 @@ func (auth *Authentication) SaveSession(rw http.ResponseWriter, r *http.Request,
 	if auth.SessionMaxAge != 0 {
 		session.Options.MaxAge = int(auth.SessionMaxAge.Seconds())
 	}
+	if config.Keys.HttpsCertFile == "" && config.Keys.HttpsKeyFile == "" {
+		session.Options.Secure = false
+	}
+	session.Options.SameSite = http.SameSiteStrictMode
 	session.Values["username"] = user.Username
 	session.Values["projects"] = user.Projects
 	session.Values["roles"] = user.Roles