Merge pull request #1538 from hedgedoc/fix/secure_cookies
commit
a865ed0822
5 changed files with 29 additions and 13 deletions
|
@ -17,6 +17,7 @@
|
||||||
### Bugfixes
|
### Bugfixes
|
||||||
- Fix crash when trying to read the current Git commit on startup
|
- Fix crash when trying to read the current Git commit on startup
|
||||||
- Fix endless loop on shutdown when HedgeDoc can't connect to the database
|
- Fix endless loop on shutdown when HedgeDoc can't connect to the database
|
||||||
|
- Ensure that all cookies are set with the `secure` flag, if HedgeDoc is loaded via HTTPS
|
||||||
|
|
||||||
## <i class="fa fa-tag"></i> 1.8.2 <i class="fa fa-calendar-o"></i> 2021-05-11
|
## <i class="fa fa-tag"></i> 1.8.2 <i class="fa fa-calendar-o"></i> 2021-05-11
|
||||||
|
|
||||||
|
|
|
@ -2098,7 +2098,8 @@ function toggleNightMode () {
|
||||||
} else {
|
} else {
|
||||||
Cookies.set('nightMode', !isActive, {
|
Cookies.set('nightMode', !isActive, {
|
||||||
expires: 365,
|
expires: 365,
|
||||||
sameSite: window.cookiePolicy
|
sameSite: window.cookiePolicy,
|
||||||
|
secure: window.location.protocol === 'https:'
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
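Review bot: The option object `{ expires: 365, sameSite: window.cookiePolicy, secure: window.location.protocol === 'https:' }` is now repeated verbatim in this `Cookies.set('nightMode', …)` call and in every other call the commit touches (`setLoginState`, the `Editor` preference setters, the locale selector), so a cookie added later can omit `secure` without anyone noticing. A single shared helper would keep the policy in one place, for example `const cookieAttributes = () => ({ expires: 365, sameSite: window.cookiePolicy, secure: window.location.protocol === 'https:' })`, with each call site passing `cookieAttributes()`. `toggleNightMode` starts outside the hunk, so where such a helper should live is not visible from here.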
@ -20,15 +20,20 @@ export function resetCheckAuth () {
|
||||||
export function setLoginState (bool, id) {
|
export function setLoginState (bool, id) {
|
||||||
Cookies.set('loginstate', bool, {
|
Cookies.set('loginstate', bool, {
|
||||||
expires: 365,
|
expires: 365,
|
||||||
sameSite: window.cookiePolicy
|
sameSite: window.cookiePolicy,
|
||||||
|
secure: window.location.protocol === 'https:'
|
||||||
})
|
})
|
||||||
if (id) {
|
if (id) {
|
||||||
Cookies.set('userid', id, {
|
Cookies.set('userid', id, {
|
||||||
expires: 365,
|
expires: 365,
|
||||||
sameSite: window.cookiePolicy
|
sameSite: window.cookiePolicy,
|
||||||
|
secure: window.location.protocol === 'https:'
|
||||||
})
|
})
|
||||||
} else {
|
} else {
|
||||||
Cookies.remove('userid')
|
Cookies.remove('userid', {
|
||||||
|
sameSite: window.cookiePolicy,
|
||||||
|
secure: window.location.protocol === 'https:'
|
||||||
|
})
|
||||||
}
|
}
|
||||||
lastLoginState = bool
|
lastLoginState = bool
|
||||||
lastUserId = id
|
lastUserId = id
|
||||||
|
|
|
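Review bot: Because `secure` is derived from the scheme of whichever page is open, `setLoginState` can silently fail on an instance reachable over both http: and https:. Browsers do not let a page loaded over http: overwrite or delete a cookie that already carries `Secure`, so `Cookies.set('loginstate', …)` and `Cookies.remove('userid', …)` would have no effect there and the old values would stay in the jar. If single-scheme deployment (HTTP redirected to HTTPS) is the assumption, state it next to the function, e.g. `// Secure cookies cannot be changed from an http: page; assumes the instance is served over one scheme only`. Both cookies are written from script and so cannot be `HttpOnly`; they should remain UI hints that the server never trusts, which this hunk does not show either way.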
@ -343,13 +343,15 @@ export default class Editor {
|
||||||
if (this.editor.getOption('indentWithTabs')) {
|
if (this.editor.getOption('indentWithTabs')) {
|
||||||
Cookies.set('indent_type', 'tab', {
|
Cookies.set('indent_type', 'tab', {
|
||||||
expires: 365,
|
expires: 365,
|
||||||
sameSite: window.cookiePolicy
|
sameSite: window.cookiePolicy,
|
||||||
|
secure: window.location.protocol === 'https:'
|
||||||
})
|
})
|
||||||
type.text('Tab Size:')
|
type.text('Tab Size:')
|
||||||
} else {
|
} else {
|
||||||
Cookies.set('indent_type', 'space', {
|
Cookies.set('indent_type', 'space', {
|
||||||
expires: 365,
|
expires: 365,
|
||||||
sameSite: window.cookiePolicy
|
sameSite: window.cookiePolicy,
|
||||||
|
secure: window.location.protocol === 'https:'
|
||||||
})
|
})
|
||||||
type.text('Spaces:')
|
type.text('Spaces:')
|
||||||
}
|
}
|
||||||
|
@ -361,12 +363,14 @@ export default class Editor {
|
||||||
if (this.editor.getOption('indentWithTabs')) {
|
if (this.editor.getOption('indentWithTabs')) {
|
||||||
Cookies.set('tab_size', unit, {
|
Cookies.set('tab_size', unit, {
|
||||||
expires: 365,
|
expires: 365,
|
||||||
sameSite: window.cookiePolicy
|
sameSite: window.cookiePolicy,
|
||||||
|
secure: window.location.protocol === 'https:'
|
||||||
})
|
})
|
||||||
} else {
|
} else {
|
||||||
Cookies.set('space_units', unit, {
|
Cookies.set('space_units', unit, {
|
||||||
expires: 365,
|
expires: 365,
|
||||||
sameSite: window.cookiePolicy
|
sameSite: window.cookiePolicy,
|
||||||
|
secure: window.location.protocol === 'https:'
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
widthLabel.text(unit)
|
widthLabel.text(unit)
|
||||||
|
@ -435,7 +439,8 @@ export default class Editor {
|
||||||
const keymap = this.editor.getOption('keyMap')
|
const keymap = this.editor.getOption('keyMap')
|
||||||
Cookies.set('keymap', keymap, {
|
Cookies.set('keymap', keymap, {
|
||||||
expires: 365,
|
expires: 365,
|
||||||
sameSite: window.cookiePolicy
|
sameSite: window.cookiePolicy,
|
||||||
|
secure: window.location.protocol === 'https:'
|
||||||
})
|
})
|
||||||
label.text(keymap)
|
label.text(keymap)
|
||||||
this.restoreOverrideEditorKeymap()
|
this.restoreOverrideEditorKeymap()
|
||||||
|
@ -484,7 +489,8 @@ export default class Editor {
|
||||||
this.editor.setOption('theme', theme)
|
this.editor.setOption('theme', theme)
|
||||||
Cookies.set('theme', theme, {
|
Cookies.set('theme', theme, {
|
||||||
expires: 365,
|
expires: 365,
|
||||||
sameSite: window.cookiePolicy
|
sameSite: window.cookiePolicy,
|
||||||
|
secure: window.location.protocol === 'https:'
|
||||||
})
|
})
|
||||||
|
|
||||||
checkTheme()
|
checkTheme()
|
||||||
|
@ -530,7 +536,8 @@ export default class Editor {
|
||||||
}
|
}
|
||||||
Cookies.set('spellcheck', mode === 'spell-checker', {
|
Cookies.set('spellcheck', mode === 'spell-checker', {
|
||||||
expires: 365,
|
expires: 365,
|
||||||
sameSite: window.cookiePolicy
|
sameSite: window.cookiePolicy,
|
||||||
|
secure: window.location.protocol === 'https:'
|
||||||
})
|
})
|
||||||
|
|
||||||
checkSpellcheck()
|
checkSpellcheck()
|
||||||
|
@ -577,7 +584,8 @@ export default class Editor {
|
||||||
if (overrideBrowserKeymap.is(':checked')) {
|
if (overrideBrowserKeymap.is(':checked')) {
|
||||||
Cookies.set('preferences-override-browser-keymap', true, {
|
Cookies.set('preferences-override-browser-keymap', true, {
|
||||||
expires: 365,
|
expires: 365,
|
||||||
sameSite: window.cookiePolicy
|
sameSite: window.cookiePolicy,
|
||||||
|
secure: window.location.protocol === 'https:'
|
||||||
})
|
})
|
||||||
this.restoreOverrideEditorKeymap()
|
this.restoreOverrideEditorKeymap()
|
||||||
} else {
|
} else {
|
||||||
|
|
|
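Review bot: On a plain-HTTP page these calls now pass `secure: false` together with `sameSite: window.cookiePolicy`, which fails if that policy is ever `none` (its value is set outside this diff). Current browsers reject `SameSite=None` cookies that lack `Secure`, so `indent_type`, `tab_size`, `keymap`, `theme` and the other preferences would silently not persist. A comment at the first `Cookies.set('indent_type', …)` call, or where `window.cookiePolicy` is defined, should record that constraint, e.g. `// sameSite 'none' requires secure; over http: the browser drops the cookie`. The enclosing `Editor` methods begin and end outside these hunks.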
@ -34,7 +34,8 @@ if (localeSelector.length > 0) {
|
||||||
localeSelector.change(function () {
|
localeSelector.change(function () {
|
||||||
Cookies.set('locale', $(this).val(), {
|
Cookies.set('locale', $(this).val(), {
|
||||||
expires: 365,
|
expires: 365,
|
||||||
sameSite: window.cookiePolicy
|
sameSite: window.cookiePolicy,
|
||||||
|
secure: window.location.protocol === 'https:'
|
||||||
})
|
})
|
||||||
window.location.reload()
|
window.location.reload()
|
||||||
})
|
})
|
||||||
|
|