csrf: able to set custom cookie name

Add new config option '[session] CSRF_COOKIE_NAME'.
2017-02-22 21:46:43 -05:00 · 2017-02-22 21:46:43 -05:00 · 054e97d614
parent 28983c94ff
commit 054e97d614
5 changed files with 9 additions and 6 deletions
--- a/conf/app.ini
+++ b/conf/app.ini
@ -250,6 +250,8 @@ ENABLE_SET_COOKIE = true
 GC_INTERVAL_TIME = 86400
 ; Session life time, default is 86400
 SESSION_LIFE_TIME = 86400
+; Cookie name for CSRF
+CSRF_COOKIE_NAME = _csrf

 [picture]
 ; Path to store user uploaded avatars
--- a/gogs.go
+++ b/gogs.go
@ -16,7 +16,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )

-const APP_VER = "0.9.165.0222 / 0.10 RC"
+const APP_VER = "0.9.166.0222 / 0.10 RC"

 func init() {
 	setting.AppVer = APP_VER
--- a/modules/bindata/bindata.go
+++ b/modules/bindata/bindata.go
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@ -187,7 +187,7 @@ var (

 	// Session settings
 	SessionConfig  session.Options
-	CSRFCookieName = "_csrf"
+	CSRFCookieName string

 	// Cron tasks
 	Cron struct {
@ -744,6 +744,7 @@ func newSessionService() {
 	SessionConfig.Secure = Cfg.Section("session").Key("COOKIE_SECURE").MustBool()
 	SessionConfig.Gclifetime = Cfg.Section("session").Key("GC_INTERVAL_TIME").MustInt64(86400)
 	SessionConfig.Maxlifetime = Cfg.Section("session").Key("SESSION_LIFE_TIME").MustInt64(86400)
+	CSRFCookieName = Cfg.Section("session").Key("CSRF_COOKIE_NAME").MustString("_csrf")

 	log.Info("Session Service Enabled")
 }
--- a/templates/.VERSION
+++ b/templates/.VERSION
@ -1 +1 @@
-0.9.165.0222 / 0.10 RC
+0.9.166.0222 / 0.10 RC