Added SameSite policy Lax and Secure to all cookies
Affects issues: - Close #1609
This commit is contained in:
parent
e2043715d2
commit
89abdae4c8
@ -142,7 +142,7 @@ public class RequestHandler implements HttpHandler {
|
||||
String from = exchange.getRequestURI().toASCIIString();
|
||||
response = Response.builder()
|
||||
.redirectTo(StringUtils.startsWithAny(from, "/auth/", "/login") ? "/login" : "/login?from=." + from)
|
||||
.setHeader("Set-Cookie", "auth=expired; Path=/; Max-Age=1")
|
||||
.setHeader("Set-Cookie", "auth=expired; Path=/; Max-Age=1; SameSite=Lax; Secure;")
|
||||
.build();
|
||||
}
|
||||
}
|
||||
|
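Review bot: The replacement Set-Cookie value on the new line ends with a stray `;` after `Secure`, leaving an empty trailing attribute, and the same attribute string is now hand-copied into three resolvers, so a typo in one will silently diverge from the others. A single shared constant would keep them aligned, e.g. `private static final String COOKIE_ATTRIBUTES = "; Path=/; SameSite=Lax; Secure";`, and `Max-Age=0` rather than `Max-Age=1` expires the stale value immediately instead of leaving it alive for another second. Be aware that a browser (other than on localhost) will not store a `Secure` cookie delivered over plain HTTP, so if this webserver can run without TLS the stale `auth` cookie is never overwritten on that path; I cannot see the TLS configuration from the hunk. The enclosing method begins before the hunk.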
@ -39,7 +39,7 @@ import java.util.concurrent.TimeUnit;
|
||||
@Singleton
|
||||
public class LoginResolver implements NoAuthResolver {
|
||||
|
||||
private DBSystem dbSystem;
|
||||
private final DBSystem dbSystem;
|
||||
|
||||
@Inject
|
||||
public LoginResolver(
|
||||
@ -61,7 +61,7 @@ public class LoginResolver implements NoAuthResolver {
|
||||
public Response getResponse(String cookie) {
|
||||
return Response.builder()
|
||||
.setStatus(200)
|
||||
.setHeader("Set-Cookie", "auth=" + cookie + "; Path=/; Max-Age=" + TimeUnit.HOURS.toSeconds(2L))
|
||||
.setHeader("Set-Cookie", "auth=" + cookie + "; Path=/; Max-Age=" + TimeUnit.HOURS.toSeconds(2L) + "; SameSite=Lax; Secure;")
|
||||
.setJSONContent(Collections.singletonMap("success", true))
|
||||
.build();
|
||||
}
|
||||
|
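Review bot: Adding `Secure` to the login cookie on the new line will break login for any deployment that serves the panel over plain HTTP: browsers refuse to store a `Secure` cookie set from an insecure origin (localhost excepted), so the 200 response with `success: true` is returned but no `auth` cookie is kept and every following request is unauthenticated. If the webserver can be configured without a certificate — not visible from the hunk — the attribute should be emitted only when HTTPS is actually in use, e.g. `String secure = usingHttps ? "; Secure" : "";` appended to the header, with `usingHttps` taken from however the webserver exposes its TLS state. `HttpOnly` would additionally keep the session token out of reach of page scripts, but only add it after confirming the frontend does not read `auth` from `document.cookie`. The trailing `;` after `Secure` should be dropped either way.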
@ -58,7 +58,7 @@ public class LogoutResolver implements NoAuthResolver {
|
||||
public Response getResponse(String cookie) {
|
||||
return Response.builder()
|
||||
.setStatus(200)
|
||||
.setHeader("Set-Cookie", "auth=" + cookie + "; Max-Age=1")
|
||||
.setHeader("Set-Cookie", "auth=" + cookie + "; Max-Age=1; SameSite=Lax; Secure;")
|
||||
.setMimeType(MimeType.HTML)
|
||||
.setContent(
|
||||
"<p>Logging out..</p><script>const urlParams = new URLSearchParams(window.location.search);" +
|
||||
|
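Review bot: The logout cookie on the new line still carries no `Path` attribute, so it is scoped to the default path of the logout request rather than the `/` at which LoginResolver sets `auth`; the browser keeps the original cookie and only a path-specific duplicate expires. The line should mirror the login cookie's scope and need not echo the live token back in the response: `.setHeader("Set-Cookie", "auth=expired; Path=/; Max-Age=0; SameSite=Lax; Secure")`. Whether a surviving client-side cookie matters depends on server-side invalidation of the token, which is outside the hunk, as is the remainder of getResponse's body.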