Only use SameSite=None on Secure site

This fixes logging in when developing on newer versions of Chrome.
pull/443/head
Matt Baer 4 years ago
parent 2903c86875
commit 4565c6dd90
  1. 4
      session.go

@ -40,7 +40,9 @@ func (app *App) InitSession() {
MaxAge: sessionLength, MaxAge: sessionLength,
HttpOnly: true, HttpOnly: true,
Secure: strings.HasPrefix(app.cfg.App.Host, "https://"), Secure: strings.HasPrefix(app.cfg.App.Host, "https://"),
SameSite: http.SameSiteNoneMode, }
if store.Options.Secure {
store.Options.SameSite = http.SameSiteNoneMode
} }
app.sessionStore = store app.sessionStore = store
} }

Loading…
Cancel
Save