From 6ae938c15435d2fa975816c684479903d1472f5d Mon Sep 17 00:00:00 2001
From: Dominik Hebeler <dominik@suma-ev.de>
Date: Fri, 5 Apr 2024 12:28:48 +0200
Subject: [PATCH] use secure attribute in cookie

---
 pass/routes/key.js | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/pass/routes/key.js b/pass/routes/key.js
index 96d2a73..1ce4227 100644
--- a/pass/routes/key.js
+++ b/pass/routes/key.js
@@ -212,6 +212,15 @@ router.use("/:key", param("key").isUUID(4), async (req, res, next) => {
       params[cookie] = req.cookies[cookie];
     }
   }
+  for (let header in req.headers) {
+    if (
+      header.match(
+        /^(dark_mode$|new_tab$|zitate$|web_|bilder_|produkte_|nachrichten_|science_)/
+      )
+    ) {
+      params[header] = req.headers[header];
+    }
+  }
 
   metager_url += new URLSearchParams(params).toString();
 
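Review bot: A request header whose name matches the pattern overwrites the value the cookie loop just stored in `params` under the same name, and neither the hunk nor the commit subject (which mentions only the cookie's `secure` attribute) says that headers are meant to take precedence. A comment above the loop would record the intent, for example `// Settings may also be sent as request headers; a header overrides a cookie of the same name.` The prefixes `web_`, `bilder_`, `produkte_`, `nachrichten_` and `science_` are not anchored at the end, so any header beginning with one of them is copied into the `metager_url` query string; if the set of setting names is known, an explicit allowlist would be tighter. The middleware body starts and ends outside the hunk, so the cookie loop's own filter is not visible here.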
@@ -241,13 +250,15 @@ router.get("/:key", async (req, res) => {
   if (req.data.admin) {
     res.redirect(`${res.locals.baseDir}/logout`);
     return;
-  } else if (
+  } else if ((
     !req.cookies.key ||
-    req.cookies.key !== req.data.key.key.get_key()
+    req.cookies.key !== req.data.key.key.get_key()) &&
+    (!req.headers.key || req.headers.key !== req.data.key.key.get_key())
   ) {
     res.cookie("key", req.data.key.key.get_key(), {
       sameSite: "lax",
       maxAge: 5 * 365 * 24 * 60 * 60 * 1000, // Store for 5 years
+      secure: true
     });
   }
   res.render("key", req.data);
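Review bot: The `key` cookie set here holds the access key for five years and gains `secure: true`, but its options still have no `httpOnly`, so any script running on the origin can read it. If no client-side code needs the value (not visible from this hunk), add `httpOnly: true` next to `secure: true`. The new condition is also hard to read with its nested parentheses, and it calls `get_key()` up to three times. Computing `const key = req.data.key.key.get_key();` once and testing `req.cookies.key !== key && req.headers.key !== key` expresses the same check, since a missing value already fails the comparison when `get_key()` returns a non-empty string. The handler begins before the hunk and may continue after it.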
-- 
GitLab