diff options
| author | David Mehren | 2020-06-08 15:27:31 +0200 |
|---|---|---|
| committer | David Mehren | 2020-06-08 15:27:31 +0200 |
| commit | e77e7b165ac4920290015ec4b95e651730009edc (patch) | |
| tree | 15f7918b02634913082d760003a9b57dbd317f51 /public/js | |
| parent | 49de5f5bd6239354d98b424804951974588ab25e (diff) | |
Set all cookies with sameSite: strict
Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite
Signed-off-by: David Mehren <dmehren1@gmail.com>
Diffstat (limited to 'public/js')
| -rw-r--r-- | public/js/index.js | 3 | ||||
| -rw-r--r-- | public/js/lib/common/login.js | 6 | ||||
| -rw-r--r-- | public/js/lib/editor/index.js | 24 | ||||
| -rw-r--r-- | public/js/locale.js | 3 |
4 files changed, 24 insertions, 12 deletions
diff --git a/public/js/index.js b/public/js/index.js index de3c8a6d..ad20ffff 100644 --- a/public/js/index.js +++ b/public/js/index.js @@ -1596,7 +1596,8 @@ function toggleNightMode () { store.set('nightMode', !isActive) } else { Cookies.set('nightMode', !isActive, { - expires: 365 + expires: 365, + sameSite: 'strict' }) } } diff --git a/public/js/lib/common/login.js b/public/js/lib/common/login.js index 28e5b470..931c115f 100644 --- a/public/js/lib/common/login.js +++ b/public/js/lib/common/login.js @@ -19,11 +19,13 @@ export function resetCheckAuth () { export function setLoginState (bool, id) { Cookies.set('loginstate', bool, { - expires: 365 + expires: 365, + sameSite: 'strict' }) if (id) { Cookies.set('userid', id, { - expires: 365 + expires: 365, + sameSite: 'strict' }) } else { Cookies.remove('userid') diff --git a/public/js/lib/editor/index.js b/public/js/lib/editor/index.js index 8553caa9..07ef58a1 100644 --- a/public/js/lib/editor/index.js +++ b/public/js/lib/editor/index.js @@ -303,12 +303,14 @@ export default class Editor { const setType = () => { if (this.editor.getOption('indentWithTabs')) { Cookies.set('indent_type', 'tab', { - expires: 365 + expires: 365, + sameSite: 'strict' }) type.text('Tab Size:') } else { Cookies.set('indent_type', 'space', { - expires: 365 + expires: 365, + sameSite: 'strict' }) type.text('Spaces:') } @@ -319,11 +321,13 @@ export default class Editor { var unit = this.editor.getOption('indentUnit') if (this.editor.getOption('indentWithTabs')) { Cookies.set('tab_size', unit, { - expires: 365 + expires: 365, + sameSite: 'strict' }) } else { Cookies.set('space_units', unit, { - expires: 365 + expires: 365, + sameSite: 'strict' }) } widthLabel.text(unit) @@ -391,7 +395,8 @@ export default class Editor { const setKeymapLabel = () => { var keymap = this.editor.getOption('keyMap') Cookies.set('keymap', keymap, { - expires: 365 + expires: 365, + sameSite: 'strict' }) label.text(keymap) this.restoreOverrideEditorKeymap() @@ -439,7 +444,8 @@ export default class Editor { } this.editor.setOption('theme', theme) Cookies.set('theme', theme, { - expires: 365 + expires: 365, + sameSite: 'strict' }) checkTheme() @@ -484,7 +490,8 @@ export default class Editor { this.editor.setOption('mode', mode) } Cookies.set('spellcheck', mode === 'spell-checker', { - expires: 365 + expires: 365, + sameSite: 'strict' }) checkSpellcheck() @@ -529,7 +536,8 @@ export default class Editor { ) if (overrideBrowserKeymap.is(':checked')) { Cookies.set('preferences-override-browser-keymap', true, { - expires: 365 + expires: 365, + sameSite: 'strict' }) this.restoreOverrideEditorKeymap() } else { diff --git a/public/js/locale.js b/public/js/locale.js index 71c0f99f..670370d4 100644 --- a/public/js/locale.js +++ b/public/js/locale.js @@ -25,7 +25,8 @@ $('select.ui-locale option[value="' + lang + '"]').attr('selected', 'selected') locale.change(function () { Cookies.set('locale', $(this).val(), { - expires: 365 + expires: 365, + sameSite: 'strict' }) window.location.reload() }) |