app: send cookies with Secure and SameSite=Lax (#60)

Sending cookies without Secure and without SameSite causes Firefox to
ignore or invalidate them, which disconnects accounts seemingly randomly.
Lephe 2020-10-30 14:05:34 +01:00
parent e06363715e
commit a95a88f3b1
Signed by untrusted user: Lephenixnoir
GPG Key ID: 1BBA026E13FC0495
2 changed files with 7 additions and 1 deletions


@ -1,7 +1,7 @@
function setCookie(name, value) {
var end = new Date();
end.setTime( end.getTime() + 3600 * 1000 );
var str=name+"="+escape(value)+"; expires="+end.toGMTString()+"; path=/";
var str=name+"="+escape(value)+"; expires="+end.toGMTString()+"; path=/; Secure; SameSite=lax";
document.cookie = str;
}
function getCookie(name) {
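Review bot: `Secure` is now hard-coded in the string built by setCookie, so on any deployment served over plain HTTP the browser will refuse to store the cookie and the function fails silently. The Python config comment in this same commit says Secure should be used only if HTTPS is enabled, but this helper has no such switch. Consider deriving it from the page, e.g. `var secure = (location.protocol === "https:") ? "; Secure" : "";` and appending `secure` in place of the literal `; Secure`. Separately, a cookie written through `document.cookie` can never be HttpOnly, so a comment above setCookie stating that it must only hold non-sensitive values would help, since anything stored this way remains readable by any script on the page.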


@ -18,6 +18,12 @@ class Config(object):
MAIL_DEFAULT_SENDER = "noreply@v5.planet-casio.com"
MAIL_SUPPRESS_SEND = None
# Only send cookies over HTTPS connections (use only if HTTPS is enabled)
SESSION_COOKIE_SECURE = True
# Only send cookies in requests, do not expose them to Javascript
SESSION_COOKIE_HTTPONLY = True
# Do not attach cookies to cross-origin requests
SESSION_COOKIE_SAMESITE = "Lax"
class DefaultConfig(object):
"""Every value here can be overrided in the local_config.py class"""
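Review bot: The comment above `SESSION_COOKIE_SAMESITE = "Lax"` overstates what Lax does: the cookie is still sent on top-level cross-site navigations that use a safe method such as GET, and the restriction is about cross-site rather than cross-origin requests. I would reword it to `# Lax: withhold the session cookie on cross-site subrequests and cross-site POSTs; top-level GET navigations still carry it`, so nobody reads it as a replacement for CSRF tokens or relies on it for state-changing GET routes. Also, `SESSION_COOKIE_SECURE = True` is added to `Config` (whose body starts outside this hunk) and not to `DefaultConfig`, the class whose docstring says values can be overridden from local_config.py. If `Config` is not overridable the same way, an HTTP-only development instance can no longer keep a session, which is what the "use only if HTTPS is enabled" comment warns about. If the app also issues a remember-me cookie through Flask-Login (not visible here), its `REMEMBER_COOKIE_SECURE` and `REMEMBER_COOKIE_HTTPONLY` settings are separate and would need the same treatment.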