docs update for go-aah/aah#233 go-aah/aah#234 go-aah/aah#242

go-aah · Jan 15, 2019 · 3a34d2c · 3a34d2c
1 parent d2dd645
commit 3a34d2c
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 1 deletion.
diff --git a/anti-csrf-protection.md b/anti-csrf-protection.md
@@ -60,6 +60,15 @@ anti_csrf {
   # Default value is `24h`.
   #ttl = "24h"
 
+  # SameSite attribute support
+  # Refer to https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00
+  #
+  # Introduced in v0.13.0 release.
+  #
+  # Supported values are `default`, `lax` and `strict`.
+  # Default value is `default`.
+  samesite = "default"
+
   # Anti-CSRF cookie value signing using `HMAC`. For server farm this
   # should be same in all instance. For HMAC sign & verify it recommend to use
   # key size is `32` or `64` bytes.
@@ -74,9 +83,27 @@ anti_csrf {
   # Default value is `32` bytes (Command `aah new` generates strong one using `crypto/rand`).
   enc_key = "2976a9d457266ef2f864c1d94055f9bf"
 
+  # Old sign key for the smooth key rotation of Anti-CSRF cookie signing into 
+  # new signing key. Refer to `sign_key` for more information.
+  #
+  # Introduced in v0.13.0 release.
+  #
+  # Default value is `empty` string.
+  old_sign_key = "729f9a8596d04815c0ee5667a96434fc067c7917b2ed45bbbdb817856f608b0c"
+
+  # Old encryption key for the smooth key rotation of Anti-CSRF cookie encryption 
+  # into new key. Refer to `enc_key` for more information.
+  #
+  # Introduced in v0.13.0 release.
+  #
+  # Default value is `empty` string.
+  old_enc_key = "50549e23027862586ec20c3c87664edd"
+
   # Configure trusted origin hosts here.
   #
   # Introduced in v0.13.0 release.
+  #
+  # Default value is `[]` empty list.
   trusted_origins = ["example1.com", "example.com", "example3.com:8080"]
 }
 ```

diff --git a/cookie-manager.md b/cookie-manager.md
@@ -30,6 +30,7 @@ opts := &cookie.Options{
     MaxAge: 2629746, // 1 month in seconds
     HTTPOnly: true,
     Secure: true, // use only SSL enabled website
+    SameSite: "lax",
 }
 
 // Get sign and encryption keys from configuration
@@ -69,6 +70,5 @@ func (c *ProductController) Show(id string) {
 
     value := string(b)
     c.Log().Info("Cookie value: ", value)
-
 }
 ```
diff --git a/security-config.md b/security-config.md
@@ -106,6 +106,15 @@ session {
   # then aah sets this value as false.
   secure = true
 
+  # SameSite attribute support
+  # Refer to https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00
+  #
+  # Introduced in v0.13.0 release.
+  #
+  # Supported values are `default`, `lax` and `strict`.
+  # Default value is `default`.
+  samesite = "default"
+
   # HTTP session cookie value signing using `HMAC`. For server farm this
   # value should be same in all instance. For HMAC sign & verify it recommend to use
   # key size is `32` or `64` bytes.
@@ -120,6 +129,22 @@ session {
   # Default value is `32` bytes (`aah new` generates strong one using `crypto/rand`).
   enc_key = "d98b1966eb94e9fa35e25e611beba369"
 
+  # Old sign key for the smooth key rotation of cookie signing into new signing key.
+  # Refer to `sign_key` for more information.
+  #
+  # Introduced in v0.13.0 release.
+  #
+  # Default value is `empty` string.
+  old_sign_key = "04a55b202f98a4bc01e16752e66a52eb2b734a7615ac1f3057574ac45f9ea63a"
+
+  # Old encryption key for the smooth key rotation of cookie encryption into new 
+  # key. Refer to `enc_key` for more information.
+  #
+  # Introduced in v0.13.0 release.
+  #
+  # Default value is `empty` string.
+  old_enc_key = "e0ec243c1c4558c2be532a92a36d6325"
+
   # Cleanup Interval is used to clean the expired session data from session store.
   # It is only applicable for non-cookie store type.
   # Cleanup performed in dedicated goroutine. Valid time units are