Added SameSite policy Lax and Secure to all cookies

Affects issues:
- Close #1609
This commit is contained in:
Risto Lahtela 2020-10-25 21:38:17 +02:00
parent e2043715d2
commit 89abdae4c8
3 changed files with 4 additions and 4 deletions


@ -142,7 +142,7 @@ public class RequestHandler implements HttpHandler {
String from = exchange.getRequestURI().toASCIIString(); String from = exchange.getRequestURI().toASCIIString();
response = Response.builder() response = Response.builder()
.redirectTo(StringUtils.startsWithAny(from, "/auth/", "/login") ? "/login" : "/login?from=." + from) .redirectTo(StringUtils.startsWithAny(from, "/auth/", "/login") ? "/login" : "/login?from=." + from)
.setHeader("Set-Cookie", "auth=expired; Path=/; Max-Age=1") .setHeader("Set-Cookie", "auth=expired; Path=/; Max-Age=1; SameSite=Lax; Secure;")
.build(); .build();
} }
} }
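Review bot: The `Secure` attribute added on the `setHeader("Set-Cookie", ...)` line is only honoured over HTTPS; on a plain http:// origin browsers silently discard a `Secure` cookie, so if this web server can be served without TLS (not visible in the hunk) this expiry marker is never stored and, more importantly, the same flag on the login cookie would leave users unable to stay logged in. If non-TLS operation is supported, gate the attribute on the server's TLS state, e.g. `"auth=expired; Path=/; Max-Age=1; SameSite=Lax" + (usingHttps ? "; Secure" : "")`, rather than emitting it unconditionally. The trailing `;` after `Secure` yields an empty attribute, harmless but worth dropping. The enclosing `handle` body continues outside the hunk.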


@ -39,7 +39,7 @@ import java.util.concurrent.TimeUnit;
@Singleton @Singleton
public class LoginResolver implements NoAuthResolver { public class LoginResolver implements NoAuthResolver {
private DBSystem dbSystem; private final DBSystem dbSystem;
@Inject @Inject
public LoginResolver( public LoginResolver(
@ -61,7 +61,7 @@ public class LoginResolver implements NoAuthResolver {
public Response getResponse(String cookie) { public Response getResponse(String cookie) {
return Response.builder() return Response.builder()
.setStatus(200) .setStatus(200)
.setHeader("Set-Cookie", "auth=" + cookie + "; Path=/; Max-Age=" + TimeUnit.HOURS.toSeconds(2L)) .setHeader("Set-Cookie", "auth=" + cookie + "; Path=/; Max-Age=" + TimeUnit.HOURS.toSeconds(2L) + "; SameSite=Lax; Secure;")
.setJSONContent(Collections.singletonMap("success", true)) .setJSONContent(Collections.singletonMap("success", true))
.build(); .build();
} }
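Review bot: The session cookie built on the `setHeader("Set-Cookie", ...)` line gains `Secure` but not `HttpOnly`, so the `auth` token remains readable through `document.cookie` and any script injection on the panel can exfiltrate it. Unless the front-end reads this cookie from script (the response body is only `{"success": true}`, which suggests it does not), add the flag: `"; Max-Age=" + TimeUnit.HOURS.toSeconds(2L) + "; SameSite=Lax; Secure; HttpOnly"`. The `cookie` argument is concatenated straight into the header value, so it must never contain `;`, `\r` or `\n`; that holds if it is always a server-generated token, which this hunk does not show.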


@ -58,7 +58,7 @@ public class LogoutResolver implements NoAuthResolver {
public Response getResponse(String cookie) { public Response getResponse(String cookie) {
return Response.builder() return Response.builder()
.setStatus(200) .setStatus(200)
.setHeader("Set-Cookie", "auth=" + cookie + "; Max-Age=1") .setHeader("Set-Cookie", "auth=" + cookie + "; Max-Age=1; SameSite=Lax; Secure;")
.setMimeType(MimeType.HTML) .setMimeType(MimeType.HTML)
.setContent( .setContent(
"<p>Logging out..</p><script>const urlParams = new URLSearchParams(window.location.search);" + "<p>Logging out..</p><script>const urlParams = new URLSearchParams(window.location.search);" +
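Review bot: The logout cookie on the `setHeader("Set-Cookie", ...)` line has no `Path=/`, whereas the login side issues the cookie with `Path=/`; without an explicit path the browser scopes this one to the directory of the logout URL, so it creates and expires a separate `auth` cookie instead of overwriting the session cookie, which then stays in the browser until its two-hour `Max-Age` elapses. Match the attributes used at login: `"auth=" + cookie + "; Path=/; Max-Age=1; SameSite=Lax; Secure;"`. Whether the token is also invalidated server-side is not visible here; if it is not, the stale copy remains usable for the rest of its lifetime. The `getResponse` body continues outside the hunk.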