Set all cookies with sameSite: strict

Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite Signed-off-by: David Mehren <dmehren1@gmail.com>
author: David Mehren 2020-06-08 15:27:31 +0200
committer: David Mehren 2020-06-08 15:27:31 +0200
commit: e77e7b165ac4920290015ec4b95e651730009edc (patch)
tree: 15f7918b02634913082d760003a9b57dbd317f51 /public/js/lib/common
parent: 49de5f5bd6239354d98b424804951974588ab25e (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/public/js/lib/common/login.js b/public/js/lib/common/login.js
index 28e5b470..931c115f 100644
--- a/public/js/lib/common/login.js
+++ b/public/js/lib/common/login.js
@@ -19,11 +19,13 @@ export function resetCheckAuth () {
 
 export function setLoginState (bool, id) {
   Cookies.set('loginstate', bool, {
-    expires: 365
+    expires: 365,
+    sameSite: 'strict'
   })
   if (id) {
     Cookies.set('userid', id, {
-      expires: 365
+      expires: 365,
+      sameSite: 'strict'
     })
   } else {
     Cookies.remove('userid')
author	David Mehren	2020-06-08 15:27:31 +0200
committer	David Mehren	2020-06-08 15:27:31 +0200
commit	e77e7b165ac4920290015ec4b95e651730009edc (patch)
tree	15f7918b02634913082d760003a9b57dbd317f51 /public/js/lib/common
parent	49de5f5bd6239354d98b424804951974588ab25e (diff)