search

qvest-digital / loginsrv

JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, ..
MIT License
1.92k stars 150 forks source link

Cookie SameSite attribute #174

Open didasy opened 4 years ago

didasy commented 4 years ago

SInce Go 1.11, the Cookie struct has SameSite attribute in it to prevent CSRF attacks. I think loginsrv need to provide -cookie-samesite option.