Set secure flag for non-session cookies

This adds the secure flag to all cookies that are set in the frontend for storing various settings. If `SameSite=none` is set (like when embedding the instance is allowed), the `secure` flag is necessary to set any cookie. Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-14 14:08:39 +02:00
parent 3175fe18b2
commit 7b00a59661
5 changed files with 29 additions and 13 deletions
--- a/public/js/locale.js
+++ b/public/js/locale.js
@@ -34,7 +34,8 @@ if (localeSelector.length > 0) {
  localeSelector.change(function () {
    Cookies.set('locale', $(this).val(), {
      expires: 365,
-      sameSite: window.cookiePolicy
+      sameSite: window.cookiePolicy,
+      secure: window.location.protocol === 'https:'
    })
    window.location.reload()
  })