github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-23 10:16:32 -05:00
Code Issues Projects Releases Packages Wiki Activity

Set all cookies with sameSite: strict

Browse source 
Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Signed-off-by: David Mehren <dmehren1@gmail.com>
This commit is contained in:
David Mehren 2020-06-08 15:27:31 +02:00 committed by Dexter Chua
parent 370916e951
commit faa10da86b
5 changed files with 26 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
public/js/index.js
View file

@ -1594,7 +1594,8 @@ function toggleNightMode () {
store.set('nightMode', !isActive)
} else {
Cookies.set('nightMode', !isActive, {
expires: 365
expires: 365,
sameSite: 'strict'
})
}
}

6
public/js/lib/common/login.js
View file

@ -19,11 +19,13 @@ export function resetCheckAuth () {
export function setLoginState (bool, id) {
Cookies.set('loginstate', bool, {
expires: 365
expires: 365,
sameSite: 'strict'
})
if (id) {
Cookies.set('userid', id, {
expires: 365
expires: 365,
sameSite: 'strict'
})
} else {
Cookies.remove('userid')

24
public/js/lib/editor/index.js
View file

@ -344,12 +344,14 @@ export default class Editor {
const setType = () => {
if (this.editor.getOption('indentWithTabs')) {
Cookies.set('indent_type', 'tab', {
expires: 365
expires: 365,
sameSite: 'strict'
})
type.text('Tab Size:')
} else {
Cookies.set('indent_type', 'space', {
expires: 365
expires: 365,
sameSite: 'strict'
})
type.text('Spaces:')
}
@ -360,11 +362,13 @@ export default class Editor {
var unit = this.editor.getOption('indentUnit')
if (this.editor.getOption('indentWithTabs')) {
Cookies.set('tab_size', unit, {
expires: 365
expires: 365,
sameSite: 'strict'
})
} else {
Cookies.set('space_units', unit, {
expires: 365
expires: 365,
sameSite: 'strict'
})
}
widthLabel.text(unit)
@ -432,7 +436,8 @@ export default class Editor {
const setKeymapLabel = () => {
var keymap = this.editor.getOption('keyMap')
Cookies.set('keymap', keymap, {
expires: 365
expires: 365,
sameSite: 'strict'
})
label.text(keymap)
this.restoreOverrideEditorKeymap()
@ -480,7 +485,8 @@ export default class Editor {
}
this.editor.setOption('theme', theme)
Cookies.set('theme', theme, {
expires: 365
expires: 365,
sameSite: 'strict'
})
checkTheme()
@ -525,7 +531,8 @@ export default class Editor {
this.editor.setOption('mode', mode)
}
Cookies.set('spellcheck', mode === 'spell-checker', {
expires: 365
expires: 365,
sameSite: 'strict'
})
checkSpellcheck()
@ -570,7 +577,8 @@ export default class Editor {
)
if (overrideBrowserKeymap.is(':checked')) {
Cookies.set('preferences-override-browser-keymap', true, {
expires: 365
expires: 365,
sameSite: 'strict'
})
this.restoreOverrideEditorKeymap()
} else {

3
public/js/locale.js
View file

@ -25,7 +25,8 @@ $('select.ui-locale option[value="' + lang + '"]').attr('selected', 'selected')
locale.change(function () {
Cookies.set('locale', $(this).val(), {
expires: 365
expires: 365,
sameSite: 'strict'
})
window.location.reload()
})

3
src/lib/app.ts
View file

@ -181,7 +181,8 @@ app.use(session({
saveUninitialized: true, // always create session to ensure the origin
rolling: true, // reset maxAge on every response
cookie: {
maxAge: config.sessionLife
maxAge: config.sessionLife,
sameSite: 'strict'
},
store: sessionStore
}))