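SameSite attribute improperly configured for fiber session cookie (GO-S1041)

Cookies set with `SameSite=None` are sent on cross-site requests, making the application vulnerable to CSRF (cross-site request forgery) attacks unless another defence, such as anti-CSRF tokens, is in place. It is recommended to use `SameSite=Lax` or `SameSite=Strict`, depending on the application requirements: `Lax` still sends the cookie on top-level navigations that arrive from another site, while `Strict` withholds it on every cross-site request. The first listing below shows the flagged configuration; the two that follow show the recommended settings.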
package main
import (
"github.com/gofiber/fiber/v2"
"github.com/gofiber/fiber/v2/middleware/session"
)
// main is the flagged (noncompliant) example: it creates a Fiber app and a
// session store whose cookie is configured with SameSite "None".
func main() {
	server := fiber.New()

	// With "None" the browser attaches the session cookie to requests that
	// other sites initiate, so the cookie itself offers no CSRF protection.
	// Browsers also expect such a cookie to carry the Secure attribute;
	// session.Config exposes CookieSecure for that, which is not set here.
	cfg := session.Config{CookieSameSite: "None"}
	store := session.New(cfg)

	// NOTE(review): in fiber/v2 session.New returns a store that handlers
	// normally read through Get(c); confirm that handing it to Use is intended.
	server.Use(store)
}
package main
import (
"github.com/gofiber/fiber/v2"
"github.com/gofiber/fiber/v2/middleware/session"
)
// main is the first recommended example: it creates a Fiber app and a
// session store whose cookie is configured with SameSite "Lax".
func main() {
	server := fiber.New()

	// "Lax" keeps the session cookie off cross-site subrequests and form
	// posts but still sends it on top-level navigations from other sites,
	// so routes that change state must not be reachable through GET.
	// CookieSecure and CookieHTTPOnly are left at their defaults here.
	cfg := session.Config{CookieSameSite: "Lax"}
	store := session.New(cfg)

	// NOTE(review): in fiber/v2 session.New returns a store that handlers
	// normally read through Get(c); confirm that handing it to Use is intended.
	server.Use(store)
}
or
package main
import (
"github.com/gofiber/fiber/v2"
"github.com/gofiber/fiber/v2/middleware/session"
)
// main is the second recommended example: it creates a Fiber app and a
// session store whose cookie is configured with SameSite "Strict".
func main() {
	server := fiber.New()

	// "Strict" withholds the session cookie from every cross-site request,
	// including a user following a link from another site, who then arrives
	// without a session until the next same-site request.
	// CookieSecure and CookieHTTPOnly are left at their defaults here.
	cfg := session.Config{CookieSameSite: "Strict"}
	store := session.New(cfg)

	// NOTE(review): in fiber/v2 session.New returns a store that handlers
	// normally read through Get(c); confirm that handing it to Use is intended.
	server.Use(store)
}