From 50a83e7e112be20c31f931390cb239b49812762e Mon Sep 17 00:00:00 2001
From: ssongliu <73214554+ssongliu@users.noreply.github.com>
Date: Wed, 21 Feb 2024 19:06:28 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20Cookie=20=E5=90=AF=E7=94=A8=20httponly?= =?UTF-8?q?=20(#3941)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 backend/app/service/auth.go | 4 ++--
 backend/app/service/setting.go | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/backend/app/service/auth.go b/backend/app/service/auth.go
index ff5635441..f309b5373 100644
--- a/backend/app/service/auth.go
+++ b/backend/app/service/auth.go
@@ -133,7 +133,7 @@ func (u *AuthService) generateSession(c *gin.Context, name, authMethod string) (
 sessionUser, err := global.SESSION.Get(sID)
 if err != nil {
 sID = uuid.New().String()
- c.SetCookie(constant.SessionName, sID, 0, "", "", httpsSetting.Value == "enable", false)
+ c.SetCookie(constant.SessionName, sID, 0, "", "", httpsSetting.Value == "enable", true)
 err := global.SESSION.Set(sID, sessionUser, lifeTime)
 if err != nil {
 return nil, err
@@ -154,7 +154,7 @@ func (u *AuthService) LogOut(c *gin.Context) error {
 }
 sID, _ := c.Cookie(constant.SessionName)
 if sID != "" {
- c.SetCookie(constant.SessionName, sID, -1, "", "", httpsSetting.Value == "enable", false)
+ c.SetCookie(constant.SessionName, sID, -1, "", "", httpsSetting.Value == "enable", true)
 err := global.SESSION.Delete(sID)
 if err != nil {
 return err
diff --git a/backend/app/service/setting.go b/backend/app/service/setting.go
index 8077ae9f7..940e27bad 100644
--- a/backend/app/service/setting.go
+++ b/backend/app/service/setting.go
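Review bot: The session cookie set in generateSession is now HttpOnly, but nothing in the visible lines gives it a SameSite attribute. gin's `SetCookie` takes SameSite from an earlier `c.SetSameSite(...)` call on the same context, so unless that happens outside these hunks the cookie is left to the browser's default policy. If the panel does not need cross-site requests, add `c.SetSameSite(http.SameSiteLaxMode)` (or Strict) before the `c.SetCookie` call here, and likewise before the calls in LogOut and in both UpdateSSL hunks. generateSession's body starts and ends outside the hunk.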
@@ -199,7 +199,7 @@ func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
 _ = os.Remove(path.Join(secretDir, "server.crt"))
 _ = os.Remove(path.Join(secretDir, "server.key"))
 sID, _ := c.Cookie(constant.SessionName)
- c.SetCookie(constant.SessionName, sID, 0, "", "", false, false)
+ c.SetCookie(constant.SessionName, sID, 0, "", "", false, true)
 go func() {
 _, err := cmd.Exec("systemctl restart 1panel.service")
@@ -294,7 +294,7 @@ func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
 }
 sID, _ := c.Cookie(constant.SessionName)
- c.SetCookie(constant.SessionName, sID, 0, "", "", true, false)
+ c.SetCookie(constant.SessionName, sID, 0, "", "", true, true)
 go func() {
 time.Sleep(1 * time.Second)
 _, err := cmd.Exec("systemctl restart 1panel.service")
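Review bot: `sID, _ := c.Cookie(constant.SessionName)` discards the lookup error, so a request without a session cookie gets one written back with an empty value by the `SetCookie` call that follows. LogOut in auth.go guards the same call with `if sID != "" {`, and the same guard fits here and at the second call in the @@ -294 hunk. This branch (it removes server.crt and server.key, so presumably the SSL-disable path) also re-issues the existing session ID with Secure off. A comment such as `// SSL disabled: session cookie is re-sent without Secure on purpose` would record that this is intended. UpdateSSL starts and ends outside the hunk.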
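Review bot: The cookie is re-issued with Secure on, but it keeps the session ID read from the request. If SSL was off before this call, that ID has already travelled over plain HTTP, and marking it Secure afterwards does not protect an ID that may have been observed. Consider issuing a fresh session ID when the panel moves to HTTPS, or requiring a new login after the restart. If carrying the ID over is deliberate, a comment such as `// session ID is carried over from the pre-TLS session` would make the trade-off visible. The enclosing UpdateSSL body continues outside the hunk.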