merge: make cookie a bit more secure - fixes #445 (!468)

View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/468

Closes #445

Approved-by: Luna <her@mint.lgbt>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
dakkar 2024-03-14 14:47:38 +00:00
commit 94aed953b5


@ -43,6 +43,7 @@ export async function signout() {
waiting(); waiting();
miLocalStorage.removeItem('account'); miLocalStorage.removeItem('account');
await removeAccount($i.id); await removeAccount($i.id);
document.cookie = `token=; path=/; max-age=0${ location.protocol === 'https:' ? '; Secure' : ''}`;
const accounts = await getAccounts(); const accounts = await getAccounts();
//#region Remove service worker registration //#region Remove service worker registration
@ -200,7 +201,7 @@ export async function login(token: Account['token'], redirect?: string) {
throw reason; throw reason;
}); });
miLocalStorage.setItem('account', JSON.stringify(me)); miLocalStorage.setItem('account', JSON.stringify(me));
document.cookie = `token=${token}; path=/; max-age=31536000`; // bull dashboardの認証とかで使う document.cookie = `token=${token}; path=/; max-age=31536000${ location.protocol === 'https:' ? '; Secure' : ''}`; // bull dashboardの認証とかで使う
await addAccount(me.id, token); await addAccount(me.id, token);
if (redirect) { if (redirect) {
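Review bot: The `token` cookie written in `login()` still has no `SameSite` attribute, so whether it is sent on cross-site requests depends on each browser's default. Since it holds the account token with a one-year `max-age`, the policy should be stated explicitly next to the new `Secure` flag, e.g. `; SameSite=Lax`, or `; SameSite=Strict` if the bull dashboard mentioned in the comment is only ever opened from within the app (not visible here, so confirm). Separately, a cookie set through `document.cookie` cannot be `HttpOnly`, so any script running in the page can still read the token; closing that would need the server to set the cookie, which is outside this change. A short comment recording that `Secure` is skipped only for plain-http development setups would also help, e.g. `// Secure is omitted on http: so local dev instances keep working`. Both `signout()` and `login()` continue outside the hunks shown.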