From 8ef6f4b80907bffb88f174165b3c9ee2fb550779 Mon Sep 17 00:00:00 2001 From: Pablu23 Date: Tue, 2 Sep 2025 15:13:15 +0200 Subject: [PATCH] Make cookies send back from router secure, if router is secured by ssl --- router.go | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/router.go b/router.go index 4fdf768..140327b 100644 --- a/router.go +++ b/router.go @@ -157,11 +157,15 @@ func applyResponseHeader(w http.ResponseWriter, res *http.Response) { w.Header().Set(name, value) } } + w.WriteHeader(res.StatusCode) } -func applyCookies(w http.ResponseWriter, res *http.Response) { +func (router *Router) applyCookies(w http.ResponseWriter, res *http.Response) { cookies := res.Cookies() for _, cookie := range cookies { + if router.config.Server.Ssl.Enabled { + cookie.Secure = true + } http.SetCookie(w, cookie) } } @@ -222,7 +226,8 @@ func (router *Router) Route(w http.ResponseWriter, r *http.Request) { return } - applyCookies(w, res) + router.applyCookies(w, res) + applyResponseHeader(w, res) // Exit early because its a redirect // Maybe this should be before applying cookies or after applying headers @@ -230,8 +235,6 @@ func (router *Router) Route(w http.ResponseWriter, r *http.Request) { return } - applyResponseHeader(w, res) - err = applyBody(w, res) if err != nil { log.Error().Err(err).Msg("Could not apply body") @@ -242,7 +245,7 @@ func (router *Router) Route(w http.ResponseWriter, r *http.Request) { func handleLocation(w http.ResponseWriter, r *http.Request, res *http.Response) bool { if loc, err := res.Location(); err == nil { - http.Redirect(w, r, loc.RequestURI(), http.StatusFound) + http.Redirect(w, r, loc.String(), http.StatusFound) return false } else if !errors.Is(err, http.ErrNoLocation) { log.Error().Err(err).Msg("Could not extract location")