From 0851e9e9f2cfc75996169408ad01e300d047c61e Mon Sep 17 00:00:00 2001
From: partisan
Date: Mon, 6 Jan 2025 18:52:43 +0100
Subject: [PATCH] added secure cookies settings
---
 user-settings.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/user-settings.go b/user-settings.go
index a872f11..68c3a39 100755
--- a/user-settings.go
+++ b/user-settings.go
@@ -72,8 +72,9 @@ func saveUserSettings(w http.ResponseWriter, settings UserSettings) {
 Value: cd.GetValue(settings),
 Path: "/",
 Expires: expiration,
- Secure: true,
- SameSite: http.SameSiteStrictMode,
+ Secure: true, // Ensure HTTPS is required
+ HttpOnly: true,
+ SameSite: http.SameSiteStrictMode, // Restrict cross-site usage
 })
 }
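Review bot: The comment added on `Secure: true` overstates what the flag does: `Secure` does not make the site require HTTPS, it only tells the browser to send the cookie over HTTPS. Modern browsers also reject a `Secure` cookie set over plain HTTP, so on a non-TLS deployment the settings would silently fail to persist. I would reword it as `Secure: true, // browser sends the cookie over HTTPS only` and give the new line a matching comment, `HttpOnly: true, // not readable from document.cookie`. If any front-end script reads these settings cookies (not visible in this hunk), `HttpOnly` will stop it working, so that is worth confirming before merge. The body of saveUserSettings starts outside the hunk.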