Merge pull request #1538 from hedgedoc/fix/secure_cookies

2024-11-25 03:06:31 -05:00 · 2021-08-15 00:42:52 +02:00 · 2021-08-15 00:42:52 +02:00 · a865ed0822
commit a865ed0822
parent fc1aec6cb4 7b00a59661
5 changed files with 29 additions and 13 deletions
--- a/public/docs/release-notes.md
+++ b/public/docs/release-notes.md
@ -17,6 +17,7 @@
 ### Bugfixes
 - Fix crash when trying to read the current Git commit on startup 
 - Fix endless loop on shutdown when HedgeDoc can't connect to the database
 - Ensure that all cookies are set with the `secure` flag, if HedgeDoc is loaded via HTTPS
 ## <i class="fa fa-tag"></i> 1.8.2 <i class="fa fa-calendar-o"></i> 2021-05-11
--- a/public/js/index.js
+++ b/public/js/index.js
@ -2098,7 +2098,8 @@ function toggleNightMode () {
  } else {
    Cookies.set('nightMode', !isActive, {
      expires: 365,
-      sameSite: window.cookiePolicy
+      sameSite: window.cookiePolicy,
      secure: window.location.protocol === 'https:'
    })
  }
 }
--- a/public/js/lib/common/login.js
+++ b/public/js/lib/common/login.js
@ -20,15 +20,20 @@ export function resetCheckAuth () {
 export function setLoginState (bool, id) {
  Cookies.set('loginstate', bool, {
    expires: 365,
-    sameSite: window.cookiePolicy
+    sameSite: window.cookiePolicy,
    secure: window.location.protocol === 'https:'
  })
  if (id) {
    Cookies.set('userid', id, {
      expires: 365,
-      sameSite: window.cookiePolicy
+      sameSite: window.cookiePolicy,
      secure: window.location.protocol === 'https:'
    })
  } else {
-    Cookies.remove('userid')
+    Cookies.remove('userid', {
      sameSite: window.cookiePolicy,
      secure: window.location.protocol === 'https:'
    })
  }
  lastLoginState = bool
  lastUserId = id
--- a/public/js/lib/editor/index.js
+++ b/public/js/lib/editor/index.js
@ -343,13 +343,15 @@ export default class Editor {
      if (this.editor.getOption('indentWithTabs')) {
        Cookies.set('indent_type', 'tab', {
          expires: 365,
-          sameSite: window.cookiePolicy
+          sameSite: window.cookiePolicy,
          secure: window.location.protocol === 'https:'
        })
        type.text('Tab Size:')
      } else {
        Cookies.set('indent_type', 'space', {
          expires: 365,
-          sameSite: window.cookiePolicy
+          sameSite: window.cookiePolicy,
          secure: window.location.protocol === 'https:'
        })
        type.text('Spaces:')
      }
@ -361,12 +363,14 @@ export default class Editor {
      if (this.editor.getOption('indentWithTabs')) {
        Cookies.set('tab_size', unit, {
          expires: 365,
-          sameSite: window.cookiePolicy
+          sameSite: window.cookiePolicy,
          secure: window.location.protocol === 'https:'
        })
      } else {
        Cookies.set('space_units', unit, {
          expires: 365,
-          sameSite: window.cookiePolicy
+          sameSite: window.cookiePolicy,
          secure: window.location.protocol === 'https:'
        })
      }
      widthLabel.text(unit)
@ -435,7 +439,8 @@ export default class Editor {
      const keymap = this.editor.getOption('keyMap')
      Cookies.set('keymap', keymap, {
        expires: 365,
-        sameSite: window.cookiePolicy
+        sameSite: window.cookiePolicy,
        secure: window.location.protocol === 'https:'
      })
      label.text(keymap)
      this.restoreOverrideEditorKeymap()
@ -484,7 +489,8 @@ export default class Editor {
      this.editor.setOption('theme', theme)
      Cookies.set('theme', theme, {
        expires: 365,
-        sameSite: window.cookiePolicy
+        sameSite: window.cookiePolicy,
        secure: window.location.protocol === 'https:'
      })
      checkTheme()
@ -530,7 +536,8 @@ export default class Editor {
      }
      Cookies.set('spellcheck', mode === 'spell-checker', {
        expires: 365,
-        sameSite: window.cookiePolicy
+        sameSite: window.cookiePolicy,
        secure: window.location.protocol === 'https:'
      })
      checkSpellcheck()
@ -577,7 +584,8 @@ export default class Editor {
    if (overrideBrowserKeymap.is(':checked')) {
      Cookies.set('preferences-override-browser-keymap', true, {
        expires: 365,
-        sameSite: window.cookiePolicy
+        sameSite: window.cookiePolicy,
        secure: window.location.protocol === 'https:'
      })
      this.restoreOverrideEditorKeymap()
    } else {
--- a/public/js/locale.js
+++ b/public/js/locale.js
@ -34,7 +34,8 @@ if (localeSelector.length > 0) {
  localeSelector.change(function () {
    Cookies.set('locale', $(this).val(), {
      expires: 365,
-      sameSite: window.cookiePolicy
+      sameSite: window.cookiePolicy,
      secure: window.location.protocol === 'https:'
    })
    window.location.reload()
  })