
Set all cookies with sameSite: strict

Modern browsers reject (or will soon reject) cookies with `SameSite=None` unless they also carry the `Secure` flag, and treat cookies with no SameSite attribute as `SameSite=Lax`. As we don't want other sites to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Signed-off-by: David Mehren <dmehren1@gmail.com>
This commit is contained in:
David Mehren 2020-06-08 15:27:31 +02:00
parent 49de5f5bd6
commit e77e7b165a
No known key found for this signature in database
GPG key ID: 6017AF117F9756CB
5 changed files with 26 additions and 13 deletions

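--- a/app.js
+++ b/app.js
@@ -139,7 +139,8 @@ app.use(session({
 saveUninitialized: true, // always create session to ensure the origin
 rolling: true, // reset maxAge on every response
 cookie: {
-maxAge: config.sessionLife
+maxAge: config.sessionLife,
+sameSite: 'strict'
 },
 store: sessionStore
 }))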
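Review bot: The session cookie block still sets no `secure` attribute, so on an HTTPS deployment the session id would also be sent over a plain-HTTP request to the same host; `sameSite` restricts which cross-site requests carry the cookie but says nothing about transport. Add `secure: <served-over-TLS flag>` next to `sameSite` (the config presumably already knows whether the instance uses TLS — confirm the option name), and when TLS is terminated by a reverse proxy also set express-session's `proxy: true` so the flag is honoured behind it. Separately, `'strict'` withholds the cookie on top-level navigations that arrive from another site, which includes the redirect back from an external login provider; if any login callback (OAuth2/SAML-style flows) relies on state kept in the session, that login will fail, and `sameSite: 'lax'` is the value that still blocks cross-site POSTs while allowing such callbacks — worth verifying against the configured auth backends. The `app.use(session({` call starts before this hunk.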


@ -1596,7 +1596,8 @@ function toggleNightMode () {
store.set('nightMode', !isActive)
} else {
Cookies.set('nightMode', !isActive, {
expires: 365
expires: 365,
sameSite: 'strict'
})
}
}


@ -19,11 +19,13 @@ export function resetCheckAuth () {
export function setLoginState (bool, id) {
Cookies.set('loginstate', bool, {
expires: 365
expires: 365,
sameSite: 'strict'
})
if (id) {
Cookies.set('userid', id, {
expires: 365
expires: 365,
sameSite: 'strict'
})
} else {
Cookies.remove('userid')
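Review bot: `loginstate` and `userid` are written from client-side JavaScript, so they are readable and forgeable by any script running on the origin regardless of the new `sameSite` attribute; nothing here (or in `sameSite`) makes them trustworthy to the server, and a one-line comment should say so, e.g. `// UI hints only — never use these cookies for authorization decisions on the server`. Note also that both cookies live 365 days, which outlives the server session (`config.sessionLife` in app.js), so a stale `userid` can remain after the session has expired; if that is undesirable, drop the `expires` option so they become session cookies. `setLoginState` continues past the end of this hunk.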


@ -303,12 +303,14 @@ export default class Editor {
const setType = () => {
if (this.editor.getOption('indentWithTabs')) {
Cookies.set('indent_type', 'tab', {
expires: 365
expires: 365,
sameSite: 'strict'
})
type.text('Tab Size:')
} else {
Cookies.set('indent_type', 'space', {
expires: 365
expires: 365,
sameSite: 'strict'
})
type.text('Spaces:')
}
@ -319,11 +321,13 @@ export default class Editor {
var unit = this.editor.getOption('indentUnit')
if (this.editor.getOption('indentWithTabs')) {
Cookies.set('tab_size', unit, {
expires: 365
expires: 365,
sameSite: 'strict'
})
} else {
Cookies.set('space_units', unit, {
expires: 365
expires: 365,
sameSite: 'strict'
})
}
widthLabel.text(unit)
@ -391,7 +395,8 @@ export default class Editor {
const setKeymapLabel = () => {
var keymap = this.editor.getOption('keyMap')
Cookies.set('keymap', keymap, {
expires: 365
expires: 365,
sameSite: 'strict'
})
label.text(keymap)
this.restoreOverrideEditorKeymap()
@ -439,7 +444,8 @@ export default class Editor {
}
this.editor.setOption('theme', theme)
Cookies.set('theme', theme, {
expires: 365
expires: 365,
sameSite: 'strict'
})
checkTheme()
@ -484,7 +490,8 @@ export default class Editor {
this.editor.setOption('mode', mode)
}
Cookies.set('spellcheck', mode === 'spell-checker', {
expires: 365
expires: 365,
sameSite: 'strict'
})
checkSpellcheck()
@ -529,7 +536,8 @@ export default class Editor {
)
if (overrideBrowserKeymap.is(':checked')) {
Cookies.set('preferences-override-browser-keymap', true, {
expires: 365
expires: 365,
sameSite: 'strict'
})
this.restoreOverrideEditorKeymap()
} else {
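Review bot: The options literal `{ expires: 365, sameSite: 'strict' }` is now repeated eight times across the shown hunks of this file (indent_type twice, tab_size, space_units, keymap, theme, spellcheck, preferences-override-browser-keymap), which is how the next attribute change (for example adding `secure` on TLS deployments) gets applied inconsistently. Hoist it once at module scope, `const PREFERENCE_COOKIE_OPTIONS = { expires: 365, sameSite: 'strict' }`, and pass that object to each `Cookies.set` call, e.g. `Cookies.set('keymap', keymap, PREFERENCE_COOKIE_OPTIONS)`. The surrounding class and several of the enclosing arrow functions start and end outside these hunks.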


@ -25,7 +25,8 @@ $('select.ui-locale option[value="' + lang + '"]').attr('selected', 'selected')
locale.change(function () {
Cookies.set('locale', $(this).val(), {
expires: 365
expires: 365,
sameSite: 'strict'
})
window.location.reload()
})