Merge pull request #27 from timsueberkrueb/samesite-cookies

Set SameSite to Strict in auth cookies
michaelvanstraten · Nov 5, 2024 · 89d579d · 89d579d
2 parents a92e6bc + 504bfa9
commit 89d579d
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -3,7 +3,7 @@ members = ["derive", "./."]
 
 [package]
 name = "actix-jwt-auth-middleware"
-version = "0.5.0"
+version = "0.6.0"
 edition = "2021"
 authors = ["Michael van Straten"]
 repository = "https://github.com/michaelvanstraten/actix-jwt-auth-middleware"

diff --git a/src/token_signer.rs b/src/token_signer.rs
@@ -5,6 +5,7 @@ use std::marker::PhantomData;
 use std::time::Duration;
 
 use actix_web::cookie::Cookie;
+use actix_web::cookie::SameSite;
 use actix_web::http::header::HeaderValue;
 use chrono::TimeDelta;
 use derive_builder::Builder;
@@ -249,6 +250,7 @@ where
     ) -> AuthResult<Cookie<'static>> {
         let token = self.create_signed_token(claims, token_lifetime)?;
         Ok(Cookie::build(cookie_name.to_string(), token)
+            .same_site(SameSite::Strict)
             .secure(true)
             .finish())
     }