From be87c61fa43a104f9c707da989ea6957337f1c7e Mon Sep 17 00:00:00 2001
From: Esinko <34211401+Esinko@users.noreply.github.com>
Date: Wed, 21 Dec 2022 22:18:03 +0200
Subject: [PATCH] chore: remove session cookie security attributes

Too bad. They just don't work. JavaScript cannot create cookies with HttpOnly. There is no privacy risk with this test. So it shall remain as an insecure mess.
---
 components/Login/Login.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/Login/Login.js b/components/Login/Login.js
index 62f0a19e..6b6d78a0 100644
--- a/components/Login/Login.js
+++ b/components/Login/Login.js
@@ -45,7 +45,7 @@ export function LoginDialog({ onClose }) {
 }).then(async res => {
 if (res.status === 200) {
 if (document.cookie.includes("code=")) document.cookie = document.cookie.replace(cookieRegex, "")
- document.cookie += `${!document.cookie.endsWith(";") ? ";" : ""}code=${await res.text()};Domain=${allowedDomain};Path=${allowedPath};Secure;HttpOnly;`
+ document.cookie += `${!document.cookie.endsWith(";") && document.cookie.length > 0 ? ";" : ""}code=${await res.text()};Domain=${allowedDomain};Path=${allowedPath};`
 window.location.href = `${apiServer}/v1/members`
 } else console.error("Failed to login.") // TODO: display to user
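Review bot: The added `document.cookie += ...` line drops `Secure` together with `HttpOnly`, but only `HttpOnly` is refused when set from script; `Secure` can still be set from JavaScript on an HTTPS origin, and without it the `code` value is also sent over plain HTTP. Separately, the `document.cookie` setter writes one cookie per assignment, so `+=` re-submits the whole existing cookie string and, whenever another cookie is already present, the browser stores that first pair and treats `code=` as an unknown attribute. A plain assignment avoids both problems: ``document.cookie = `code=${await res.text()};Domain=${allowedDomain};Path=${allowedPath};Secure` ``. If `code` is a session credential, having the login endpoint issue it via `Set-Cookie` with `HttpOnly; Secure` would keep it unreadable to page script, which is the protection the original attributes were after. The `.then` callback and `LoginDialog` continue outside this hunk, so how `cookieRegex`, `allowedDomain` and `allowedPath` are defined is not visible here.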