fix: restrict cookie to api.testausserveri.fi for now
Esinko committed Dec 21, 2022
1 parent db0374c commit 6a9a9b3
Showing 1 changed file with 2 additions and 3 deletions.
5 changes: 2 additions & 3 deletions components/Login/Login.js
Expand Up @@ -33,14 +33,13 @@ export function LoginDialog({ onClose }) {
fetch(`${apiServer}/v1/members/login`, {
method: "POST",
body: JSON.stringify(token),
redirect: "manual",
headers: {
"Content-Type": "application/json"
}
}).then(async res => {
if (res.status === 200) {
if (document.cookie.includes("code=")) document.cookie = document.cookie.replace(/code=(.{1,}|);( |)domain=\.testausserveri\.fi;( |)path=\/(;|$)/, "")
document.cookie += `code=${await res.text()};domain=.testausserveri.fi;path=/;`
if (document.cookie.includes("code=")) document.cookie = document.cookie.replace(/code=(.{1,}|);( |)domain=api\.testausserveri\.fi;( |)path=\/(;|$)/, "")
document.cookie += `code=${await res.text()};domain=api.testausserveri.fi;path=/;` // Note: when modifying the domain here, do not forget to change the regex above
window.location.href = `${apiServer}/v1/members`
}
else console.error("Failed to login.") // TODO: display to user
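Review bot: the `document.cookie += ...` on the added line will not set a `code` cookie once any other cookie exists on the page, and the `replace` on the line before it is a no-op. Reading `document.cookie` returns only `name=value` pairs (never `domain=` or `path=` attributes), so the regex `code=(.{1,}|);( |)domain=api\.testausserveri\.fi;( |)path=\/(;|$)` can never match; and `+=` then passes the whole `existing=val; code=...;domain=...` string to the setter, which takes only the first `name=value` token as the cookie and treats everything after the first `;` as attributes. Assign one cookie string instead, e.g. `document.cookie = \`code=${code}; domain=api.testausserveri.fi; path=/; secure; samesite=lax\``, and clear it by setting the same name with `max-age=0`; a shared constant for the domain would also remove the "do not forget to change the regex above" coupling noted in the comment. Two caveats remain even with that fix: the browser silently drops a cookie whose `domain` attribute does not domain-match the page's own host, so this only works when Login.js is served from api.testausserveri.fi or a host beneath it; and a cookie written from script cannot carry `HttpOnly`, so the token stays readable by any script on the page. Issuing it in a `Set-Cookie` header from the `/v1/members/login` response would address both.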

8 comments on commit 6a9a9b3

@vercel vercel bot commented on 6a9a9b3 Dec 21, 2022

@bluelhf
Member

Perhaps a variable could be used so maintaining this is easier?

Member Author
@Esinko Esinko commented on 6a9a9b3 Dec 21, 2022

Perhaps a variable could be used so maintaining this is easier?

This implementation is likely to change or be removed once the member pages are actually implemented. This is merely a hacky test.

Member Author
@Esinko Esinko commented on 6a9a9b3 Dec 21, 2022

Perhaps a variable could be used so maintaining this is easier?

Feel free to add a variable if you'd like though.

Member
@kymppi kymppi commented on 6a9a9b3 Dec 21, 2022

Uhh, is there some specific reason why the cookie is not HttpOnly? Isn't it a security risk to expose the cookie to JavaScript?
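As an added example (not code from the testausserveri repository or from any commenter), here is the shape the change raised in this comment would take: the API issues the cookie in a Set-Cookie header carrying HttpOnly, Secure and SameSite, and the client stops touching document.cookie entirely. The helper names (buildLoginSetCookie, parseSetCookie, scriptCanReadCookie, login) and the one-hour Max-Age are assumptions; the cookie name `code`, the domain and the `/v1/members/login` path are taken from the diff above.

```javascript
// Added example, not from the testausserveri code base. Moves the login cookie
// from client-side document.cookie to a server-issued Set-Cookie header so the
// browser can enforce HttpOnly, Secure and SameSite. Names below are assumed.

const COOKIE_NAME = "code";
const COOKIE_DOMAIN = "api.testausserveri.fi"; // single place to change the domain

// RFC 6265 cookie-octet: reject values that could inject extra attributes
// (e.g. a token containing "; " would otherwise rewrite the cookie's flags).
function assertCookieValue(value) {
  if (typeof value !== "string" || !/^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/.test(value)) {
    throw new TypeError("cookie value contains characters outside RFC 6265 cookie-octet");
  }
}

// Server side: the Set-Cookie header the login response should carry.
// HttpOnly keeps the token out of document.cookie, Secure keeps it off plain
// HTTP, SameSite=Lax stops cross-site POSTs from carrying it.
function buildLoginSetCookie(token, { maxAgeSeconds = 3600 } = {}) {
  assertCookieValue(token);
  return [
    `${COOKIE_NAME}=${token}`,
    `Domain=${COOKIE_DOMAIN}`,
    "Path=/",
    `Max-Age=${maxAgeSeconds}`,
    "Secure",
    "HttpOnly",
    "SameSite=Lax",
  ].join("; ");
}

// Parse a Set-Cookie (or document.cookie set-string) into name, value and a
// lower-cased attribute map; flag attributes without a value map to true.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes: {} };
  for (const attr of attrs) {
    if (attr === "") continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// True when a cookie set with this string stays visible to page script.
function scriptCanReadCookie(header) {
  return !("httponly" in parseSetCookie(header).attributes);
}

// The pattern from the commit, for comparison (constructed sample value):
// anything written through document.cookie is readable by every script on the page.
const LEGACY_CLIENT_COOKIE = `${COOKIE_NAME}=abc123; domain=${COOKIE_DOMAIN}; path=/`;

// Client side: no cookie handling at all. The browser stores the HttpOnly
// cookie from the response and attaches it on later requests to the API.
// fetchImpl is injectable so the function can be exercised without a network.
async function login(apiServer, token, fetchImpl = fetch) {
  const res = await fetchImpl(`${apiServer}/v1/members/login`, {
    method: "POST",
    credentials: "include",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(token),
  });
  return res.status === 200;
}
```

buildLoginSetCookie runs on the API side (in an Express handler it would feed `res.setHeader("Set-Cookie", ...)`); scriptCanReadCookie makes the difference concrete: the legacy document.cookie string reports true, the server-issued header reports false, because no HttpOnly cookie is ever exposed to page script.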

Member Author
@Esinko Esinko commented on 6a9a9b3 Dec 21, 2022

Uhh, is there some specific reason why the cookie is not HttpOnly? Isn't it a security risk to expose the cookie to JavaScript?

Feel free to fix it, but as I said before, this is a hacky test.

Member Author
@Esinko Esinko commented on 6a9a9b3 Dec 21, 2022

Uhh, is there some specific reason why the cookie is not HttpOnly? Isn't it a security risk to expose the cookie to JavaScript?

Feel free to fix it, but as I said before, this is a hacky test.

There is a reason why this isn't available in production yet. Use it at your own risk if you must.

@bluelhf
Member

Perhaps a variable could be used so maintaining this is easier?

This implementation is likely to change or be removed once the member pages are actually implemented. This is merely a hacky test.

okay :)
