mark redirect_to cookie as http only

closes #10829
8 years ago · 0ab0343995
parent aa902ef826
commit 0ab0343995
1 changed files with 2 additions and 1 deletions
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@ -51,7 +51,8 @@ func notAuthorized(c *Context) {
 		return
 	}

-	c.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+c.Req.RequestURI), 0, setting.AppSubUrl+"/")
+	c.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+c.Req.RequestURI), 0, setting.AppSubUrl+"/", nil, false, true)
+
 	c.Redirect(setting.AppSubUrl + "/login")
 }