Add secure flag to cookies on client side if pad accessed through https

pull/3000/head
Stefan 2016-06-08 21:14:10 +02:00
parent 93dae51cda
commit 06ff023047
2 changed files with 11 additions and 3 deletions


@ -43,7 +43,8 @@ var padcookie = (function()
{ {
var expiresDate = new Date(); var expiresDate = new Date();
expiresDate.setFullYear(3000); expiresDate.setFullYear(3000);
document.cookie = ('prefs=' + safeText + ';expires=' + expiresDate.toGMTString()); var secure = isHttpsScheme() ? ";secure" : "";
document.cookie = ('prefs=' + safeText + ';expires=' + expiresDate.toGMTString() + secure);
} }
function parseCookie(text) function parseCookie(text)
@ -79,6 +80,10 @@ var padcookie = (function()
alreadyWarnedAboutNoCookies = true; alreadyWarnedAboutNoCookies = true;
} }
} }
function isHttpsScheme() {
return window.location.protocol == "https:";
}
var wasNoCookie = true; var wasNoCookie = true;
var cookieData = {}; var cookieData = {};
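Review bot: The `secure` attribute on the `prefs` cookie is decided on each write from `window.location.protocol`, so on a host reachable over both http and https the cookie is still created without the flag whenever the pad is opened over http, and it stays unflagged until the next write from an https page. Browsers that refuse to let an insecure page overwrite a Secure cookie would also drop the `prefs` write from an http page once the flagged cookie exists; this may surface through the no-cookie warning code partly visible in the second hunk (inferred, since most of that code is outside the hunks). The same applies to `createCookie` in the other file of this commit. I would document the limitation above the new line, e.g. `// Secure is only set on https pages; serve the pad https-only (redirect/HSTS) for this to protect the cookie`. The function that writes the cookie starts outside the first hunk.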


@ -53,13 +53,16 @@ function createCookie(name, value, days, path){ /* Used by IE */
if(!path){ // IF the Path of the cookie isn't set then just create it on root if(!path){ // IF the Path of the cookie isn't set then just create it on root
path = "/"; path = "/";
} }
//Check if we accessed the pad over https
var secure = window.location.protocol == "https:" ? ";secure" : "";
//Check if the browser is IE and if so make sure the full path is set in the cookie //Check if the browser is IE and if so make sure the full path is set in the cookie
if((navigator.appName == 'Microsoft Internet Explorer') || ((navigator.appName == 'Netscape') && (new RegExp("Trident/.*rv:([0-9]{1,}[\.0-9]{0,})").exec(navigator.userAgent) != null))){ if((navigator.appName == 'Microsoft Internet Explorer') || ((navigator.appName == 'Netscape') && (new RegExp("Trident/.*rv:([0-9]{1,}[\.0-9]{0,})").exec(navigator.userAgent) != null))){
document.cookie = name + "=" + value + expires + "; path=/"; /* Note this bodge fix for IE is temporary until auth is rewritten */ document.cookie = name + "=" + value + expires + "; path=/" + secure; /* Note this bodge fix for IE is temporary until auth is rewritten */
} }
else{ else{
document.cookie = name + "=" + value + expires + "; path=" + path; document.cookie = name + "=" + value + expires + "; path=" + path + secure;
} }
} }
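Review bot: The protocol test on the new `var secure` line duplicates `isHttpsScheme()` added in the other file of this commit, and both use loose `==`; two copies of a security-relevant check are easy to change in only one place. If the two files cannot share a helper, I would at least keep the expressions identical and strict: `var secure = window.location.protocol === "https:" ? ";secure" : "";`. The comment could also say why rather than what, e.g. `// Mark the cookie Secure so it is never sent over plain http once set from an https page`. `createCookie` begins above this hunk, so how `expires` is built is not visible here.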