Enforce SameSite=Strict (#1713)
This commit is contained in:
parent
b6415f828e
commit
a7592d74bb
4 changed files with 2008 additions and 2511 deletions
|
@ -48,6 +48,7 @@
|
|||
"check-password-strength": "^2.0.7",
|
||||
"classnames": "^2.3.1",
|
||||
"clean-webpack-plugin": "^4.0.0",
|
||||
"cookie": "^0.5.0",
|
||||
"copy-webpack-plugin": "^11.0.0",
|
||||
"cross-fetch": "^3.1.5",
|
||||
"css-loader": "^6.7.3",
|
||||
|
@ -65,7 +66,6 @@
|
|||
"inferno-i18next-dess": "0.0.2",
|
||||
"inferno-router": "^8.1.1",
|
||||
"inferno-server": "^8.1.1",
|
||||
"isomorphic-cookie": "^1.2.4",
|
||||
"jwt-decode": "^3.1.2",
|
||||
"lemmy-js-client": "0.18.0-rc.2",
|
||||
"lodash.isequal": "^4.5.0",
|
||||
|
@ -97,6 +97,7 @@
|
|||
"@babel/core": "^7.21.8",
|
||||
"@types/autosize": "^4.0.0",
|
||||
"@types/bootstrap": "^5.2.6",
|
||||
"@types/cookie": "^0.5.1",
|
||||
"@types/express": "^4.17.17",
|
||||
"@types/html-to-text": "^9.0.0",
|
||||
"@types/lodash.isequal": "^4.5.6",
|
||||
|
@ -125,6 +126,7 @@
|
|||
"style-loader": "^3.3.2",
|
||||
"terser": "^5.17.3",
|
||||
"typescript": "^5.0.4",
|
||||
"typescript-language-server": "^3.3.2",
|
||||
"webpack-bundle-analyzer": "^4.9.0",
|
||||
"webpack-dev-server": "4.15.0"
|
||||
},
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
import { initializeSite, isAuthPath } from "@utils/app";
|
||||
import { getHttpBaseInternal } from "@utils/env";
|
||||
import { ErrorPageData } from "@utils/types";
|
||||
import * as cookie from "cookie";
|
||||
import fetch from "cross-fetch";
|
||||
import type { Request, Response } from "express";
|
||||
import { StaticRouter, matchPath } from "inferno-router";
|
||||
import { renderToString } from "inferno-server";
|
||||
import IsomorphicCookie from "isomorphic-cookie";
|
||||
import { GetSite, GetSiteResponse, LemmyHttp } from "lemmy-js-client";
|
||||
import { App } from "../../shared/components/app/app";
|
||||
import {
|
||||
|
@ -25,7 +25,7 @@ import { setForwardedHeaders } from "../utils/set-forwarded-headers";
|
|||
export default async (req: Request, res: Response) => {
|
||||
try {
|
||||
const activeRoute = routes.find(route => matchPath(req.path, route));
|
||||
let auth: string | undefined = IsomorphicCookie.load("jwt", req);
|
||||
let auth = req.cookies ? cookie.parse(req.cookies).jwt : undefined;
|
||||
|
||||
const getSiteForm: GetSite = { auth };
|
||||
|
||||
|
|
|
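Review bot: `cookie.parse` takes the raw `Cookie` header string, but the new line in the handler hunk passes `req.cookies`, which Express leaves undefined unless a cookie-parsing middleware is mounted and, when one is, is already a parsed object rather than a string — so `auth` is either always undefined or `cookie.parse` throws its "argument str must be a string" TypeError. Unless something not shown on this page populates `req.cookies` as a string, read the header directly: `let auth = req.headers.cookie ? cookie.parse(req.headers.cookie).jwt : undefined;`. The handler body continues outside the hunk, so any later use of `auth` is not visible here.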
@ -2,7 +2,7 @@
|
|||
import { isAuthPath } from "@utils/app";
|
||||
import { isBrowser } from "@utils/browser";
|
||||
import { isHttps } from "@utils/env";
|
||||
import IsomorphicCookie from "isomorphic-cookie";
|
||||
import * as cookie from "cookie";
|
||||
import jwt_decode from "jwt-decode";
|
||||
import { LoginResponse, MyUserInfo } from "lemmy-js-client";
|
||||
import { toast } from "../toast";
|
||||
|
@ -31,9 +31,14 @@ export class UserService {
|
|||
public login(res: LoginResponse) {
|
||||
const expires = new Date();
|
||||
expires.setDate(expires.getDate() + 365);
|
||||
if (res.jwt) {
|
||||
if (isBrowser() && res.jwt) {
|
||||
toast(I18NextService.i18n.t("logged_in"));
|
||||
IsomorphicCookie.save("jwt", res.jwt, { expires, secure: isHttps() });
|
||||
document.cookie = cookie.serialize("jwt", res.jwt, {
|
||||
expires,
|
||||
secure: isHttps(),
|
||||
domain: location.hostname,
|
||||
sameSite: true,
|
||||
});
|
||||
this.#setJwtInfo();
|
||||
}
|
||||
}
|
||||
|
@ -41,8 +46,14 @@ export class UserService {
|
|||
public logout() {
|
||||
this.jwtInfo = undefined;
|
||||
this.myUserInfo = undefined;
|
||||
IsomorphicCookie.remove("jwt"); // TODO is sometimes unreliable for some reason
|
||||
document.cookie = "jwt=; Max-Age=0; path=/; domain=" + location.hostname;
|
||||
if (isBrowser()) {
|
||||
document.cookie = cookie.serialize("jwt", "", {
|
||||
maxAge: 0,
|
||||
path: "/",
|
||||
domain: location.hostname,
|
||||
sameSite: true,
|
||||
});
|
||||
}
|
||||
if (isAuthPath(location.pathname)) {
|
||||
location.replace("/");
|
||||
} else {
|
||||
|
@ -66,10 +77,11 @@ export class UserService {
|
|||
}
|
||||
|
||||
#setJwtInfo() {
|
||||
const jwt: string | undefined = IsomorphicCookie.load("jwt");
|
||||
|
||||
if (jwt) {
|
||||
this.jwtInfo = { jwt, claims: jwt_decode(jwt) };
|
||||
if (isBrowser()) {
|
||||
const { jwt } = cookie.parse(document.cookie);
|
||||
if (jwt) {
|
||||
this.jwtInfo = { jwt, claims: jwt_decode(jwt) };
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
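Review bot: In the `login` hunk the jwt cookie is serialized without a `path` attribute, while the new `logout` clears it with `path: "/"`; a cookie set without `Path` defaults to the directory of the page that set it, so if login is ever completed from a nested route the `maxAge: 0` cookie in `logout` targets a different cookie and the old one persists (the removed `TODO is sometimes unreliable` comment suggests this kind of mismatch was already being hit). Add `path: "/",` to the serialize options in `login` so both sides address the same cookie. `domain: location.hostname` also turns this into a domain cookie that is sent to subdomains as well; omitting `domain` yields a host-only cookie, which is the narrower scope, so confirm the subdomain sharing is intended. Because the token is written from `document.cookie` it cannot carry `HttpOnly`; since the server handler in this commit already parses the jwt from the request, setting the cookie server-side would be the path to that flag if the project wants it.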