From 711b817cff92a92085f8eabc0faf53629cf49dc1 Mon Sep 17 00:00:00 2001 From: Harvey Tindall Date: Sat, 24 Aug 2024 15:25:08 +0100 Subject: [PATCH] auth: add note for self about secure cookies --- auth.go | 1 + 1 file changed, 1 insertion(+) diff --git a/auth.go b/auth.go index 0975fe5..1c64713 100644 --- a/auth.go +++ b/auth.go @@ -251,6 +251,7 @@ func (app *appContext) getTokenLogin(gc *gin.Context) { // host := gc.Request.URL.Hostname() host := app.ExternalDomain + // Before you think this is broken: the first "true" arg is for "secure", i.e. only HTTPS! gc.SetCookie("refresh", refresh, REFRESH_TOKEN_VALIDITY_SEC, "/", host, true, true) gc.JSON(200, getTokenDTO{token}) }