🐛 (cors): Cookie with samesite=none
Access-Control-Allow-Credentials should be returned in both OPTIONS and POST responses; cookie set with SameSite=None
soxft committed Aug 16, 2024
1 parent bf8e45a commit 3ffe1da
Showing 2 changed files with 3 additions and 2 deletions.
4 changes: 2 additions & 2 deletions app/middleware/cors.go
Expand Up @@ -16,11 +16,11 @@ func Cors() gin.HandlerFunc {
}

c.Header("Server", "busuanzi-by-xcsoft/"+config.VERSION)
c.Header("Access-Control-Allow-Credentials", "true")

if c.Request.Method == "OPTIONS" {
c.Header("Access-Control-Allow-Methods", "GET, POST, HEAD, OPTIONS")
c.Header("Access-Control-Allow-Headers", "x-bsz-referer, Authorization")
c.Header("Access-Control-Allow-Credentials", "true")
c.Header("Access-Control-Allow-Headers", "x-bsz-referer")
c.Header("Access-Control-Max-Age", "86400")
c.AbortWithStatus(204)
return
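Review bot: Sending `Access-Control-Allow-Credentials: true` on every response (the `c.Header` call ahead of the `OPTIONS` branch) is only safe if `Access-Control-Allow-Origin` is restricted, and that logic sits above the hunk where it cannot be checked. If it echoes the request `Origin`, every site can make credentialed requests that carry `bsz_id` and read the response; for an embeddable counter that may be intended, but it should be stated in a comment such as `// credentials are allowed for any origin by design: bsz_id only identifies a visitor`. In that case the response also needs `c.Header("Vary", "Origin")` so a shared cache cannot replay one origin's CORS headers to another. Cors() starts and ends outside the hunk.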
1 change: 1 addition & 0 deletions app/middleware/identity.go
Expand Up @@ -35,6 +35,7 @@ func Identity() gin.HandlerFunc {

func setBszIdentity(c *gin.Context, userIdentity string) {
uid := jwtutil.Generate(userIdentity)
c.SetSameSite(http.SameSiteNoneMode)
c.SetCookie("bsz_id", uid, 86400, "/", "", false, true)
}
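Review bot: The cookie in setBszIdentity is marked `SameSite=None` while the `secure` argument of `c.SetCookie` is still `false`, and current browsers reject a `SameSite=None` cookie that lacks the `Secure` attribute, so `bsz_id` will be dropped in exactly the cross-site case this commit targets. Pass `true` as the sixth argument: `c.SetCookie("bsz_id", uid, 86400, "/", "", true, true)`. That also keeps the JWT identity off plain-HTTP requests, at the cost of requiring the endpoint to be served over HTTPS. If plain-HTTP deployments must keep working, the `secure` flag and the SameSite mode should both come from configuration rather than being hard-coded.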

