chore: remove session cookie security attributes
Too bad. They just don't work.
JavaScript cannot create cookies with HttpOnly.
There is no privacy risk with this test. So it shall remain as an insecure mess.
Esinko committed Dec 21, 2022
1 parent 6799c41 commit be87c61
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion components/Login/Login.js
Expand Up @@ -45,7 +45,7 @@ export function LoginDialog({ onClose }) {
}).then(async res => {
if (res.status === 200) {
if (document.cookie.includes("code=")) document.cookie = document.cookie.replace(cookieRegex, "")
document.cookie += `${!document.cookie.endsWith(";") ? ";" : ""}code=${await res.text()};Domain=${allowedDomain};Path=${allowedPath};Secure;HttpOnly;`
document.cookie += `${!document.cookie.endsWith(";") && document.cookie.length > 0 ? ";" : ""}code=${await res.text()};Domain=${allowedDomain};Path=${allowedPath};`
window.location.href = `${apiServer}/v1/members`
}
else console.error("Failed to login.") // TODO: display to user
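Review bot: On the changed `document.cookie +=` line, only `HttpOnly` needed to be removed; `Secure` can be set from script on an HTTPS page, so dropping it as well allows the `code` cookie to be sent over plain HTTP. Keep `;Secure` in the template, and if the cookie should be out of reach of script, have the login response set it with a `Set-Cookie` header that carries `HttpOnly` instead of returning the value in the body for `res.text()`. Separately, `document.cookie +=` does not append a cookie: the getter returns all visible cookies as one string and the setter parses a single `name=value` pair followed by attributes, so when other cookies are present the first of them is rewritten and `code=` is treated as an unknown attribute. Assign the new cookie string on its own with `document.cookie =`, which also makes the added `document.cookie.length > 0` check unnecessary, and pass the response text through `encodeURIComponent` before interpolating it so a `;` in the value cannot inject attributes.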

1 comment on commit be87c61


@vercel vercel bot commented on be87c61 Dec 21, 2022
