feat(security): #286 use csrf token for delete request

2024-12-11 15:47:29 +01:00
parent 8cf2210aaf
commit 12d7c13b02
4 changed files with 82 additions and 87 deletions
--- a/handler/middleware/default.go
+++ b/handler/middleware/default.go
@@ -0,0 +1,15 @@
+package middleware
+
+import "net/http"
+
+func CreateSessionCookie(sessionId string) http.Cookie {
+	return http.Cookie{
+		Name:     "id",
+		Value:    sessionId,
+		MaxAge:   60 * 60 * 8, // 8 hours
+		Secure:   true,
+		HttpOnly: true,
+		SameSite: http.SameSiteStrictMode,
+		Path:     "/",
+	}
+}