From 6a9a9b3f3e86ebd3b243c88af5f930dead767cc2 Mon Sep 17 00:00:00 2001
From: Esinko <34211401+Esinko@users.noreply.github.com>
Date: Wed, 21 Dec 2022 21:16:01 +0200
Subject: [PATCH] fix: restrict cookie to api.testausserveri.fi for now

---
 components/Login/Login.js | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/components/Login/Login.js b/components/Login/Login.js
index 7e785062..e09ec47f 100644
--- a/components/Login/Login.js
+++ b/components/Login/Login.js
@@ -33,14 +33,13 @@ export function LoginDialog({ onClose }) {
         fetch(`${apiServer}/v1/members/login`, {
           method: "POST",
           body: JSON.stringify(token),
-          redirect: "manual",
           headers: {
             "Content-Type": "application/json"
           }
         }).then(async res => {
           if (res.status === 200) {
-            if (document.cookie.includes("code=")) document.cookie = document.cookie.replace(/code=(.{1,}|);( |)domain=\.testausserveri\.fi;( |)path=\/(;|$)/, "")
-            document.cookie += `code=${await res.text()};domain=.testausserveri.fi;path=/;`
+            if (document.cookie.includes("code=")) document.cookie = document.cookie.replace(/code=(.{1,}|);( |)domain=api\.testausserveri\.fi;( |)path=\/(;|$)/, "")
+            document.cookie += `code=${await res.text()};domain=api.testausserveri.fi;path=/;` // Note: when modifying the domain here, do not forget to change the regex above
             window.location.href = `${apiServer}/v1/members`
           }
           else console.error("Failed to login.") // TODO: display to user