Commit 6ae938c1 authored by Dominik Hebeler's avatar Dominik Hebeler

use secure attribute in cookie

parent 9d5f8a1b
Pipeline #9302 passed
...@@ -212,6 +212,15 @@ router.use("/:key", param("key").isUUID(4), async (req, res, next) => { ...@@ -212,6 +212,15 @@ router.use("/:key", param("key").isUUID(4), async (req, res, next) => {
params[cookie] = req.cookies[cookie]; params[cookie] = req.cookies[cookie];
} }
} }
for (let header in req.headers) {
if (
header.match(
/^(dark_mode$|new_tab$|zitate$|web_|bilder_|produkte_|nachrichten_|science_)/
)
) {
params[header] = req.headers[header];
}
}
metager_url += new URLSearchParams(params).toString(); metager_url += new URLSearchParams(params).toString();
...@@ -241,13 +250,15 @@ router.get("/:key", async (req, res) => { ...@@ -241,13 +250,15 @@ router.get("/:key", async (req, res) => {
if (req.data.admin) { if (req.data.admin) {
res.redirect(`${res.locals.baseDir}/logout`); res.redirect(`${res.locals.baseDir}/logout`);
return; return;
} else if ( } else if ((
!req.cookies.key || !req.cookies.key ||
req.cookies.key !== req.data.key.key.get_key() req.cookies.key !== req.data.key.key.get_key()) &&
(!req.headers.key || req.headers.key !== req.data.key.key.get_key())
) { ) {
res.cookie("key", req.data.key.key.get_key(), { res.cookie("key", req.data.key.key.get_key(), {
sameSite: "lax", sameSite: "lax",
maxAge: 5 * 365 * 24 * 60 * 60 * 1000, // Store for 5 years maxAge: 5 * 365 * 24 * 60 * 60 * 1000, // Store for 5 years
secure: true
}); });
} }
res.render("key", req.data); res.render("key", req.data);
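Review bot: The `key` cookie set in the second hunk now carries `secure: true` but still no `httpOnly`, so with its five-year `maxAge` the key stays readable by any script running on the page for as long as the cookie lives. If no client-side code needs to read the cookie (not visible from this hunk), add `httpOnly: true` next to `secure: true`. Browsers generally refuse to store a `Secure` cookie received over plain HTTP, so on a non-TLS setup this branch would re-run on every request; a short comment such as `// Secure: cookie is only stored and sent over HTTPS` would make that expectation explicit. The start and end of the `router.get("/:key", ...)` handler lie outside the hunk.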
......