mirror of
https://git.joinsharkey.org/Sharkey/Sharkey.git
synced 2024-11-08 23:33:09 +02:00
6826e43ad7
We can't make the cookie `HttpOnly` because we're setting it from Javascript, but I'm not sure it's worth the trouble to redesign that: `JSON.parse(localStorage.account).token` gives you the token anyway, hiding the cookie from JS won't offer much protection. At least we can mark is `Secure` (meaning, only send it over HTTPS) and _delete it on logout_ (it wasn't!) |
||
---|---|---|
.. | ||
.storybook | ||
.vscode | ||
@types | ||
assets | ||
lib | ||
public | ||
src | ||
test | ||
.eslintrc.cjs | ||
.gitignore | ||
package.json | ||
tsconfig.json | ||
vite.config.local-dev.ts | ||
vite.config.ts | ||
vite.json5.ts | ||
vue-shims.d.ts |