Added same-site policy for session options (#1381)

* Feat: added same-site policy for session options * Feat: configurations in conf package to control the `SameSite` mode and `Secure` value of the session. Co-authored-by: AaronLiu <abslant@126.com>
2026-01-26 09:34:57 +08:00 · 2022-12-16 13:59:26 +08:00
parent fd59d1b5ca
commit 74e1bd6a43
5 changed files with 90 additions and 18 deletions
--- a/pkg/conf/conf.go
+++ b/pkg/conf/conf.go
@@ -63,6 +63,8 @@ type cors struct {
 	AllowHeaders     []string
 	AllowCredentials bool
 	ExposeHeaders    []string
+	SameSite         string
+	Secure           bool
 }

 var cfg *ini.File
--- a/pkg/conf/defaults.go
+++ b/pkg/conf/defaults.go
@@ -30,6 +30,8 @@ var CORSConfig = &cors{
 	AllowHeaders:     []string{"Cookie", "X-Cr-Policy", "Authorization", "Content-Length", "Content-Type", "X-Cr-Path", "X-Cr-FileName"},
 	AllowCredentials: false,
 	ExposeHeaders:    nil,
+	SameSite:         "Default",
+	Secure:           false,
 }

 // SlaveConfig 从机配置