`SameSite` attribute improperly configured for gin session cookie (GO-S1042)

`SameSite: None` cookies are sent on cross-origin requests, which makes the application vulnerable to CSRF (cross-site request forgery) attacks. It is recommended to use `SameSite: Lax` or `SameSite: Strict`, depending on the application requirements.

The first listing below shows the flagged configuration; the two listings after it show the recommended alternatives.
package main
import (
"net/http"
"github.com/gin-contrib/sessions"
)
// foo shows the configuration that GO-S1042 flags: the session store's
// cookie options are set with SameSite=None, so the browser attaches the
// session cookie to cross-site requests as well as same-site ones.
//
// Only SameSite is set in this literal; Secure, HttpOnly, Path and MaxAge
// stay at their zero values. Current browsers generally reject a
// SameSite=None cookie that is not also marked Secure.
func foo(store sessions.Store) {
	// Flagged value: no cross-site restriction on the session cookie.
	flagged := sessions.Options{SameSite: http.SameSiteNoneMode}
	store.Options(flagged)
}
package main
import (
"net/http"
"github.com/gin-contrib/sessions"
)
// foo applies the strictest recommended setting: with SameSite=Strict the
// browser sends the session cookie only on same-site requests. It is
// withheld on every cross-site request, including a top-level navigation
// from an external link, so such a visitor arrives without a session.
//
// Only SameSite is set in this literal; Secure, HttpOnly, Path and MaxAge
// stay at their zero values and should be set explicitly in real code.
func foo(store sessions.Store) {
	strict := sessions.Options{SameSite: http.SameSiteStrictMode}
	store.Options(strict)
}
or
package main
import (
"net/http"
"github.com/gin-contrib/sessions"
)
// foo applies the more permissive recommended setting: with SameSite=Lax
// the browser sends the session cookie on same-site requests and on
// top-level cross-site navigations that use a safe method such as GET, and
// withholds it on other cross-site requests (for example a cross-site POST).
//
// Lax therefore protects only handlers that do not change state on GET;
// keep a CSRF token check on state-changing routes as well.
// Only SameSite is set in this literal; Secure, HttpOnly, Path and MaxAge
// stay at their zero values and should be set explicitly in real code.
func foo(store sessions.Store) {
	lax := sessions.Options{SameSite: http.SameSiteLaxMode}
	store.Options(lax)
}