-
-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSRF cookie 没有设置secure=true #2721
Comments
Translation of this issue: CSRF cookie is not set to secure=trueCSRF cookie is not set to secure=true in https mode
|
Hello @innoyinghe. Please provide a reproducible example by creating a github repo. Issues labeled by |
这样的话,
所以 |
@BaffinLee 那在egg里 怎么配置koa 的 cookies的参数呢 |
@CHEN-DONG csrf 是使用 koa 的 cookies 模块设置的,secure 是自动根据当前协议是否 https 来做设置的,目前不支持配置 csrf 的 secure 配置。 |
目前很多项目都是基于云的,https都是在F5或者nginx上面配置的,这种情况koa无法直接根据https来判断。我需要设置app.proxy=true ? |
你在 nginx 上配置一下 |
@CHEN-DONG 你是用 |
我配置完 proxy=true , 目前可以用了。非常感谢! |
https 模式下,CSRF cookie 没有设置secure=true
The text was updated successfully, but these errors were encountered: