mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-14 07:04:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Set secure flag for non-session cookies

Browse source 
This adds the secure flag to all cookies that are set
in the frontend for storing various settings.
If `SameSite=none` is set (like when embedding the instance is allowed),
 the `secure` flag is necessary to set any cookie.

Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2021-08-14 14:08:39 +02:00
parent 3175fe18b2
commit 7b00a59661
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
5 changed files with 29 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

11
public/js/lib/common/login.js
View file

@ -20,15 +20,20 @@ export function resetCheckAuth () {
export function setLoginState (bool, id) {
Cookies.set('loginstate', bool, {
expires: 365,
sameSite: window.cookiePolicy
sameSite: window.cookiePolicy,
secure: window.location.protocol === 'https:'
})
if (id) {
Cookies.set('userid', id, {
expires: 365,
sameSite: window.cookiePolicy
sameSite: window.cookiePolicy,
secure: window.location.protocol === 'https:'
})
} else {
Cookies.remove('userid')
Cookies.remove('userid', {
sameSite: window.cookiePolicy,
secure: window.location.protocol === 'https:'
})
}
lastLoginState = bool
lastUserId = id