sa6anw/hedgedoc-hedgeagent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Set secure flag for non-session cookies

Browse Source 
This adds the secure flag to all cookies that are set
in the frontend for storing various settings.
If `SameSite=none` is set (like when embedding the instance is allowed),
 the `secure` flag is necessary to set any cookie.

Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren
2021-08-14 14:08:39 +02:00
parent 3175fe18b2
commit 7b00a59661
5 changed files with 29 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
public/js/lib/common/login.js
View File

@@ -20,15 +20,20 @@ export function resetCheckAuth () {
export function setLoginState (bool, id) {
Cookies.set('loginstate', bool, {
expires: 365,
sameSite: window.cookiePolicy
sameSite: window.cookiePolicy,
secure: window.location.protocol === 'https:'
})
if (id) {
Cookies.set('userid', id, {
expires: 365,
sameSite: window.cookiePolicy
sameSite: window.cookiePolicy,
secure: window.location.protocol === 'https:'
})
} else {
Cookies.remove('userid')
Cookies.remove('userid', {
sameSite: window.cookiePolicy,
secure: window.location.protocol === 'https:'
})
}
lastLoginState = bool
lastUserId = id