author | David Mehren | 2020-06-08 15:27:31 +0200 |
---|---|---|
committer | David Mehren | 2020-06-08 15:27:31 +0200 |
commit | e77e7b165ac4920290015ec4b95e651730009edc (patch) | |
tree | 15f7918b02634913082d760003a9b57dbd317f51 /public/js/lib | |
parent | 49de5f5bd6239354d98b424804951974588ab25e (diff) |
Set all cookies with sameSite: strict
Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite
Signed-off-by: David Mehren <dmehren1@gmail.com>
Diffstat (limited to 'public/js/lib')
-rw-r--r-- | public/js/lib/common/login.js | 6 | ||||
-rw-r--r-- | public/js/lib/editor/index.js | 24 |
2 files changed, 20 insertions, 10 deletions
diff --git a/public/js/lib/common/login.js b/public/js/lib/common/login.js index 28e5b470..931c115f 100644 --- a/public/js/lib/common/login.js +++ b/public/js/lib/common/login.js @@ -19,11 +19,13 @@ export function resetCheckAuth () { export function setLoginState (bool, id) { Cookies.set('loginstate', bool, { - expires: 365 + expires: 365, + sameSite: 'strict' }) if (id) { Cookies.set('userid', id, { - expires: 365 + expires: 365, + sameSite: 'strict' }) } else { Cookies.remove('userid') diff --git a/public/js/lib/editor/index.js b/public/js/lib/editor/index.js index 8553caa9..07ef58a1 100644 --- a/public/js/lib/editor/index.js +++ b/public/js/lib/editor/index.js @@ -303,12 +303,14 @@ export default class Editor { const setType = () => { if (this.editor.getOption('indentWithTabs')) { Cookies.set('indent_type', 'tab', { - expires: 365 + expires: 365, + sameSite: 'strict' }) type.text('Tab Size:') } else { Cookies.set('indent_type', 'space', { - expires: 365 + expires: 365, + sameSite: 'strict' }) type.text('Spaces:') } @@ -319,11 +321,13 @@ export default class Editor { var unit = this.editor.getOption('indentUnit') if (this.editor.getOption('indentWithTabs')) { Cookies.set('tab_size', unit, { - expires: 365 + expires: 365, + sameSite: 'strict' }) } else { Cookies.set('space_units', unit, { - expires: 365 + expires: 365, + sameSite: 'strict' }) } widthLabel.text(unit) @@ -391,7 +395,8 @@ export default class Editor { const setKeymapLabel = () => { var keymap = this.editor.getOption('keyMap') Cookies.set('keymap', keymap, { - expires: 365 + expires: 365, + sameSite: 'strict' }) label.text(keymap) this.restoreOverrideEditorKeymap() @@ -439,7 +444,8 @@ export default class Editor { } this.editor.setOption('theme', theme) Cookies.set('theme', theme, { - expires: 365 + expires: 365, + sameSite: 'strict' }) checkTheme() 
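Review bot: In `setLoginState` (hunk `@@ -19,11 +19,13 @@` of `login.js`), the `loginstate` and `userid` cookies gain `sameSite: 'strict'` but still have no `secure` attribute, so on an instance reachable over plain HTTP they travel and can be overwritten in clear text. Consider adding `secure: window.location.protocol === 'https:'` to both option objects, which sets the flag on HTTPS deployments without breaking HTTP-only ones. Because these cookies are written from page script they cannot be HttpOnly, and any script on the origin can read or change them; a comment such as `// UI hint only: the server must not treat this cookie as proof of authentication` above the first `Cookies.set` would record that. The diffstat is limited to `public/js/lib`, so whether the server-side session cookie gets the same attribute cannot be checked from this page. The body of `setLoginState` continues past the end of the hunk.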
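Review bot: The literal `{ expires: 365, sameSite: 'strict' }` is now repeated at every `Cookies.set` call in `editor/index.js` (hunks at -303, -319, -391, -439, -484 and -529) and twice more in `login.js`, so a cookie added later can easily miss the attribute. A single shared constant, for example `const cookieOptions = { expires: 365, sameSite: 'strict' }` passed as `Cookies.set('keymap', keymap, cookieOptions)`, would keep the cookie policy in one place and make a later change such as adding `secure` a one-line edit. The enclosing `Editor` methods start and end outside these hunks.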
@@ -484,7 +490,8 @@ export default class Editor { this.editor.setOption('mode', mode) } Cookies.set('spellcheck', mode === 'spell-checker', { - expires: 365 + expires: 365, + sameSite: 'strict' }) checkSpellcheck() @@ -529,7 +536,8 @@ export default class Editor { ) if (overrideBrowserKeymap.is(':checked')) { Cookies.set('preferences-override-browser-keymap', true, { - expires: 365 + expires: 365, + sameSite: 'strict' }) this.restoreOverrideEditorKeymap() } else { |