mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-23 10:16:32 -05:00
Set all cookies with sameSite: strict
Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite Signed-off-by: David Mehren <dmehren1@gmail.com>
This commit is contained in:
David Mehren
Dexter Chua
parent
370916e951
commit
faa10da86b
5 changed files with 26 additions and 13 deletions
|
|
@ -1594,7 +1594,8 @@ function toggleNightMode () {
|
||||||
store.set('nightMode', !isActive)
|
store.set('nightMode', !isActive)
|
||||||
} else {
|
} else {
|
||||||
Cookies.set('nightMode', !isActive, {
|
Cookies.set('nightMode', !isActive, {
|
||||||
expires: 365
|
expires: 365,
|
||||||
|
sameSite: 'strict'
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -19,11 +19,13 @@ export function resetCheckAuth () {
|
||||||
|
|
||||||
export function setLoginState (bool, id) {
|
export function setLoginState (bool, id) {
|
||||||
Cookies.set('loginstate', bool, {
|
Cookies.set('loginstate', bool, {
|
||||||
expires: 365
|
expires: 365,
|
||||||
|
sameSite: 'strict'
|
||||||
})
|
})
|
||||||
if (id) {
|
if (id) {
|
||||||
Cookies.set('userid', id, {
|
Cookies.set('userid', id, {
|
||||||
expires: 365
|
expires: 365,
|
||||||
|
sameSite: 'strict'
|
||||||
})
|
})
|
||||||
} else {
|
} else {
|
||||||
Cookies.remove('userid')
|
Cookies.remove('userid')
|
||||||
|
|
|
||||||
|
|
@ -344,12 +344,14 @@ export default class Editor {
|
||||||
const setType = () => {
|
const setType = () => {
|
||||||
if (this.editor.getOption('indentWithTabs')) {
|
if (this.editor.getOption('indentWithTabs')) {
|
||||||
Cookies.set('indent_type', 'tab', {
|
Cookies.set('indent_type', 'tab', {
|
||||||
expires: 365
|
expires: 365,
|
||||||
|
sameSite: 'strict'
|
||||||
})
|
})
|
||||||
type.text('Tab Size:')
|
type.text('Tab Size:')
|
||||||
} else {
|
} else {
|
||||||
Cookies.set('indent_type', 'space', {
|
Cookies.set('indent_type', 'space', {
|
||||||
expires: 365
|
expires: 365,
|
||||||
|
sameSite: 'strict'
|
||||||
})
|
})
|
||||||
type.text('Spaces:')
|
type.text('Spaces:')
|
||||||
}
|
}
|
||||||
|
|
@ -360,11 +362,13 @@ export default class Editor {
|
||||||
var unit = this.editor.getOption('indentUnit')
|
var unit = this.editor.getOption('indentUnit')
|
||||||
if (this.editor.getOption('indentWithTabs')) {
|
if (this.editor.getOption('indentWithTabs')) {
|
||||||
Cookies.set('tab_size', unit, {
|
Cookies.set('tab_size', unit, {
|
||||||
expires: 365
|
expires: 365,
|
||||||
|
sameSite: 'strict'
|
||||||
})
|
})
|
||||||
} else {
|
} else {
|
||||||
Cookies.set('space_units', unit, {
|
Cookies.set('space_units', unit, {
|
||||||
expires: 365
|
expires: 365,
|
||||||
|
sameSite: 'strict'
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
widthLabel.text(unit)
|
widthLabel.text(unit)
|
||||||
|
|
@ -432,7 +436,8 @@ export default class Editor {
|
||||||
const setKeymapLabel = () => {
|
const setKeymapLabel = () => {
|
||||||
var keymap = this.editor.getOption('keyMap')
|
var keymap = this.editor.getOption('keyMap')
|
||||||
Cookies.set('keymap', keymap, {
|
Cookies.set('keymap', keymap, {
|
||||||
expires: 365
|
expires: 365,
|
||||||
|
sameSite: 'strict'
|
||||||
})
|
})
|
||||||
label.text(keymap)
|
label.text(keymap)
|
||||||
this.restoreOverrideEditorKeymap()
|
this.restoreOverrideEditorKeymap()
|
||||||
|
|
@ -480,7 +485,8 @@ export default class Editor {
|
||||||
}
|
}
|
||||||
this.editor.setOption('theme', theme)
|
this.editor.setOption('theme', theme)
|
||||||
Cookies.set('theme', theme, {
|
Cookies.set('theme', theme, {
|
||||||
expires: 365
|
expires: 365,
|
||||||
|
sameSite: 'strict'
|
||||||
})
|
})
|
||||||
|
|
||||||
checkTheme()
|
checkTheme()
|
||||||
|
|
@ -525,7 +531,8 @@ export default class Editor {
|
||||||
this.editor.setOption('mode', mode)
|
this.editor.setOption('mode', mode)
|
||||||
}
|
}
|
||||||
Cookies.set('spellcheck', mode === 'spell-checker', {
|
Cookies.set('spellcheck', mode === 'spell-checker', {
|
||||||
expires: 365
|
expires: 365,
|
||||||
|
sameSite: 'strict'
|
||||||
})
|
})
|
||||||
|
|
||||||
checkSpellcheck()
|
checkSpellcheck()
|
||||||
|
|
@ -570,7 +577,8 @@ export default class Editor {
|
||||||
)
|
)
|
||||||
if (overrideBrowserKeymap.is(':checked')) {
|
if (overrideBrowserKeymap.is(':checked')) {
|
||||||
Cookies.set('preferences-override-browser-keymap', true, {
|
Cookies.set('preferences-override-browser-keymap', true, {
|
||||||
expires: 365
|
expires: 365,
|
||||||
|
sameSite: 'strict'
|
||||||
})
|
})
|
||||||
this.restoreOverrideEditorKeymap()
|
this.restoreOverrideEditorKeymap()
|
||||||
} else {
|
} else {
|
||||||
|
|
|
||||||
|
|
@ -25,7 +25,8 @@ $('select.ui-locale option[value="' + lang + '"]').attr('selected', 'selected')
|
||||||
|
|
||||||
locale.change(function () {
|
locale.change(function () {
|
||||||
Cookies.set('locale', $(this).val(), {
|
Cookies.set('locale', $(this).val(), {
|
||||||
expires: 365
|
expires: 365,
|
||||||
|
sameSite: 'strict'
|
||||||
})
|
})
|
||||||
window.location.reload()
|
window.location.reload()
|
||||||
})
|
})
|
||||||
|
|
|
||||||
|
|
@ -181,7 +181,8 @@ app.use(session({
|
||||||
saveUninitialized: true, // always create session to ensure the origin
|
saveUninitialized: true, // always create session to ensure the origin
|
||||||
rolling: true, // reset maxAge on every response
|
rolling: true, // reset maxAge on every response
|
||||||
cookie: {
|
cookie: {
|
||||||
maxAge: config.sessionLife
|
maxAge: config.sessionLife,
|
||||||
|
sameSite: 'strict'
|
||||||
},
|
},
|
||||||
store: sessionStore
|
store: sessionStore
|
||||||
}))
|
}))
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue