summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Mehren2020-06-08 15:27:31 +0200
committerDavid Mehren2020-06-08 15:27:31 +0200
commite77e7b165ac4920290015ec4b95e651730009edc (patch)
tree15f7918b02634913082d760003a9b57dbd317f51
parent49de5f5bd6239354d98b424804951974588ab25e (diff)
Set all cookies with sameSite: strict
Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite Signed-off-by: David Mehren <dmehren1@gmail.com>
-rw-r--r--app.js3
-rw-r--r--public/js/index.js3
-rw-r--r--public/js/lib/common/login.js6
-rw-r--r--public/js/lib/editor/index.js24
-rw-r--r--public/js/locale.js3
5 files changed, 26 insertions, 13 deletions
diff --git a/app.js b/app.js
index 930191ce..7a66a537 100644
--- a/app.js
+++ b/app.js
@@ -139,7 +139,8 @@ app.use(session({
saveUninitialized: true, // always create session to ensure the origin
rolling: true, // reset maxAge on every response
cookie: {
- maxAge: config.sessionLife
+ maxAge: config.sessionLife,
+ sameSite: 'strict'
},
store: sessionStore
}))
diff --git a/public/js/index.js b/public/js/index.js
index de3c8a6d..ad20ffff 100644
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -1596,7 +1596,8 @@ function toggleNightMode () {
store.set('nightMode', !isActive)
} else {
Cookies.set('nightMode', !isActive, {
- expires: 365
+ expires: 365,
+ sameSite: 'strict'
})
}
}
diff --git a/public/js/lib/common/login.js b/public/js/lib/common/login.js
index 28e5b470..931c115f 100644
--- a/public/js/lib/common/login.js
+++ b/public/js/lib/common/login.js
@@ -19,11 +19,13 @@ export function resetCheckAuth () {
export function setLoginState (bool, id) {
Cookies.set('loginstate', bool, {
- expires: 365
+ expires: 365,
+ sameSite: 'strict'
})
if (id) {
Cookies.set('userid', id, {
- expires: 365
+ expires: 365,
+ sameSite: 'strict'
})
} else {
Cookies.remove('userid')
diff --git a/public/js/lib/editor/index.js b/public/js/lib/editor/index.js
index 8553caa9..07ef58a1 100644
--- a/public/js/lib/editor/index.js
+++ b/public/js/lib/editor/index.js
@@ -303,12 +303,14 @@ export default class Editor {
const setType = () => {
if (this.editor.getOption('indentWithTabs')) {
Cookies.set('indent_type', 'tab', {
- expires: 365
+ expires: 365,
+ sameSite: 'strict'
})
type.text('Tab Size:')
} else {
Cookies.set('indent_type', 'space', {
- expires: 365
+ expires: 365,
+ sameSite: 'strict'
})
type.text('Spaces:')
}
@@ -319,11 +321,13 @@ export default class Editor {
var unit = this.editor.getOption('indentUnit')
if (this.editor.getOption('indentWithTabs')) {
Cookies.set('tab_size', unit, {
- expires: 365
+ expires: 365,
+ sameSite: 'strict'
})
} else {
Cookies.set('space_units', unit, {
- expires: 365
+ expires: 365,
+ sameSite: 'strict'
})
}
widthLabel.text(unit)
@@ -391,7 +395,8 @@ export default class Editor {
const setKeymapLabel = () => {
var keymap = this.editor.getOption('keyMap')
Cookies.set('keymap', keymap, {
- expires: 365
+ expires: 365,
+ sameSite: 'strict'
})
label.text(keymap)
this.restoreOverrideEditorKeymap()
@@ -439,7 +444,8 @@ export default class Editor {
}
this.editor.setOption('theme', theme)
Cookies.set('theme', theme, {
- expires: 365
+ expires: 365,
+ sameSite: 'strict'
})
checkTheme()
@@ -484,7 +490,8 @@ export default class Editor {
this.editor.setOption('mode', mode)
}
Cookies.set('spellcheck', mode === 'spell-checker', {
- expires: 365
+ expires: 365,
+ sameSite: 'strict'
})
checkSpellcheck()
@@ -529,7 +536,8 @@ export default class Editor {
)
if (overrideBrowserKeymap.is(':checked')) {
Cookies.set('preferences-override-browser-keymap', true, {
- expires: 365
+ expires: 365,
+ sameSite: 'strict'
})
this.restoreOverrideEditorKeymap()
} else {
diff --git a/public/js/locale.js b/public/js/locale.js
index 71c0f99f..670370d4 100644
--- a/public/js/locale.js
+++ b/public/js/locale.js
@@ -25,7 +25,8 @@ $('select.ui-locale option[value="' + lang + '"]').attr('selected', 'selected')
locale.change(function () {
Cookies.set('locale', $(this).val(), {
- expires: 365
+ expires: 365,
+ sameSite: 'strict'
})
window.location.reload()
})