Diffstat (limited to 'cmd/dashboard/main.go')
-rw-r--r--cmd/dashboard/main.go4
1 files changed, 3 insertions, 1 deletions
diff --git a/cmd/dashboard/main.go b/cmd/dashboard/main.go
index 14664fc..58f954d 100644
--- a/cmd/dashboard/main.go
+++ b/cmd/dashboard/main.go
@@ -45,7 +45,8 @@ func main() {
sessionManager := scs.New()
sessionManager.Store = sqlite3store.New(db.DB())
sessionManager.Lifetime = 24 * time.Hour
- sessionManager.Cookie.Secure = false // Set to true in production with HTTPS
+ sessionManager.Cookie.Persist = true
+ sessionManager.Cookie.Secure = !cfg.Debug
sessionManager.Cookie.SameSite = http.SameSiteLaxMode
// Initialize auth service
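Review bot: `sessionManager.Cookie.Secure = !cfg.Debug` ties the cookie's Secure attribute to a debugging switch, so a deployment started with Debug enabled sends the session cookie over plain HTTP with no signal to the operator. A dedicated setting would be clearer; failing that, log a warning at startup when the flag ends up false and record the coupling in a comment, e.g. `// Secure is dropped only when cfg.Debug is set; never enable Debug on a network-reachable deployment`. The added `Cookie.Persist = true` also makes the cookie outlive the browser session for the full 24-hour `Lifetime`, and no `IdleTimeout` is set in the visible lines, so consider one if shared machines are in scope. main() starts and continues outside this hunk.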
@@ -94,6 +95,7 @@ func main() {
r.Use(middleware.Recoverer)
r.Use(middleware.Timeout(60 * time.Second))
r.Use(sessionManager.LoadAndSave) // Session middleware must be applied globally
+ r.Use(authHandlers.Middleware().CSRFProtect) // CSRF protection
// Public routes (no auth required)
r.Get("/login", authHandlers.HandleLoginPage)
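Review bot: The added `r.Use(authHandlers.Middleware().CSRFProtect)` is registered globally, so it also wraps the public routes below it (`/login`), and its position after `sessionManager.LoadAndSave` looks load-bearing if the token lives in the session; the middleware's implementation is not visible here, so that is an assumption. The comment `// CSRF protection` only restates the name; something like `// Must follow LoadAndSave: CSRFProtect reads its token from the session; also covers public routes` would record the ordering constraint for the next person who reorders the chain. It is worth confirming that the login form renders the token and that a failed check returns a distinct status that shows up in logs. main() continues outside the hunk.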