Set secure flag for non-session cookies

This adds the secure flag to all cookies that are set
in the frontend for storing various settings.
If `SameSite=none` is set (like when embedding the instance is allowed),
 the `secure` flag is necessary to set any cookie.

Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2021-08-14 14:08:39 +02:00
parent 3175fe18b2
commit 7b00a59661
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
5 changed files with 29 additions and 13 deletions

View file

@ -12,6 +12,7 @@
### Bugfixes
- Fix crash when trying to read the current Git commit on startup
- Fix endless loop on shutdown when HedgeDoc can't connect to the database
- Ensure that all cookies are set with the `secure` flag, if HedgeDoc is loaded via HTTPS
## <i class="fa fa-tag"></i> 1.8.2 <i class="fa fa-calendar-o"></i> 2021-05-11