cory/tildefriends
4
5
Fork 1
Code Issues 29 Pull Requests 1 Actions Releases 26 Wiki Activity

Don't use Secure cookies if we're not using TLS.

Browse Source 
git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@4209 ed5197a5-7fde-0310-b194-c3ffbd925b24
This commit is contained in:
Cory McWilliams 2023-03-09 01:39:15 +00:00
parent 2c1a43df2e
commit 6064ed6a3a
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/auth.js
View File

@ -170,7 +170,7 @@ function handler(request, response) {
} }
} }
let cookie = `session=${session}; path=/; Max-Age=${kRefreshInterval}; Secure; SameSite=Strict`; let cookie = `session=${session}; path=/; Max-Age=${kRefreshInterval}; ${request.client.tls ? 'Secure; ' : ''}SameSite=Strict`;
let entry = readSession(session); let entry = readSession(session);
if (entry && formData.return) { if (entry && formData.return) {
response.writeHead(303, {"Location": formData.return, "Set-Cookie": cookie}); response.writeHead(303, {"Location": formData.return, "Set-Cookie": cookie});
@ -224,7 +224,7 @@ function handler(request, response) {
}); });
} }
} else if (request.uri == "/login/logout") { } else if (request.uri == "/login/logout") {
response.writeHead(303, {"Set-Cookie": "session=; path=/; Secure; SameSite=Strict; expires=Thu, 01 Jan 1970 00:00:00 GMT", "Location": "/login" + (request.query ? "?" + request.query : "")}); response.writeHead(303, {"Set-Cookie": `session=; path=/; ${request.client.tls ? 'Secure; ' : ''}SameSite=Strict; expires=Thu, 01 Jan 1970 00:00:00 GMT`, "Location": "/login" + (request.query ? "?" + request.query : "")});
response.end(); response.end();
} else { } else {
response.writeHead(200, {"Content-Type": "text/plain; charset=utf-8", "Connection": "close"}); response.writeHead(200, {"Content-Type": "text/plain; charset=utf-8", "Connection": "close"});