mirror of
https://github.com/LemmyNet/lemmy-ui.git
synced 2024-11-01 01:59:56 +00:00
Enforce SameSite=Strict (#1713)
This commit is contained in:
parent
b6415f828e
commit
a7592d74bb
4 changed files with 2008 additions and 2511 deletions
|
@ -48,6 +48,7 @@
|
||||||
"check-password-strength": "^2.0.7",
|
"check-password-strength": "^2.0.7",
|
||||||
"classnames": "^2.3.1",
|
"classnames": "^2.3.1",
|
||||||
"clean-webpack-plugin": "^4.0.0",
|
"clean-webpack-plugin": "^4.0.0",
|
||||||
|
"cookie": "^0.5.0",
|
||||||
"copy-webpack-plugin": "^11.0.0",
|
"copy-webpack-plugin": "^11.0.0",
|
||||||
"cross-fetch": "^3.1.5",
|
"cross-fetch": "^3.1.5",
|
||||||
"css-loader": "^6.7.3",
|
"css-loader": "^6.7.3",
|
||||||
|
@ -65,7 +66,6 @@
|
||||||
"inferno-i18next-dess": "0.0.2",
|
"inferno-i18next-dess": "0.0.2",
|
||||||
"inferno-router": "^8.1.1",
|
"inferno-router": "^8.1.1",
|
||||||
"inferno-server": "^8.1.1",
|
"inferno-server": "^8.1.1",
|
||||||
"isomorphic-cookie": "^1.2.4",
|
|
||||||
"jwt-decode": "^3.1.2",
|
"jwt-decode": "^3.1.2",
|
||||||
"lemmy-js-client": "0.18.0-rc.2",
|
"lemmy-js-client": "0.18.0-rc.2",
|
||||||
"lodash.isequal": "^4.5.0",
|
"lodash.isequal": "^4.5.0",
|
||||||
|
@ -97,6 +97,7 @@
|
||||||
"@babel/core": "^7.21.8",
|
"@babel/core": "^7.21.8",
|
||||||
"@types/autosize": "^4.0.0",
|
"@types/autosize": "^4.0.0",
|
||||||
"@types/bootstrap": "^5.2.6",
|
"@types/bootstrap": "^5.2.6",
|
||||||
|
"@types/cookie": "^0.5.1",
|
||||||
"@types/express": "^4.17.17",
|
"@types/express": "^4.17.17",
|
||||||
"@types/html-to-text": "^9.0.0",
|
"@types/html-to-text": "^9.0.0",
|
||||||
"@types/lodash.isequal": "^4.5.6",
|
"@types/lodash.isequal": "^4.5.6",
|
||||||
|
@ -125,6 +126,7 @@
|
||||||
"style-loader": "^3.3.2",
|
"style-loader": "^3.3.2",
|
||||||
"terser": "^5.17.3",
|
"terser": "^5.17.3",
|
||||||
"typescript": "^5.0.4",
|
"typescript": "^5.0.4",
|
||||||
|
"typescript-language-server": "^3.3.2",
|
||||||
"webpack-bundle-analyzer": "^4.9.0",
|
"webpack-bundle-analyzer": "^4.9.0",
|
||||||
"webpack-dev-server": "4.15.0"
|
"webpack-dev-server": "4.15.0"
|
||||||
},
|
},
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
import { initializeSite, isAuthPath } from "@utils/app";
|
import { initializeSite, isAuthPath } from "@utils/app";
|
||||||
import { getHttpBaseInternal } from "@utils/env";
|
import { getHttpBaseInternal } from "@utils/env";
|
||||||
import { ErrorPageData } from "@utils/types";
|
import { ErrorPageData } from "@utils/types";
|
||||||
|
import * as cookie from "cookie";
|
||||||
import fetch from "cross-fetch";
|
import fetch from "cross-fetch";
|
||||||
import type { Request, Response } from "express";
|
import type { Request, Response } from "express";
|
||||||
import { StaticRouter, matchPath } from "inferno-router";
|
import { StaticRouter, matchPath } from "inferno-router";
|
||||||
import { renderToString } from "inferno-server";
|
import { renderToString } from "inferno-server";
|
||||||
import IsomorphicCookie from "isomorphic-cookie";
|
|
||||||
import { GetSite, GetSiteResponse, LemmyHttp } from "lemmy-js-client";
|
import { GetSite, GetSiteResponse, LemmyHttp } from "lemmy-js-client";
|
||||||
import { App } from "../../shared/components/app/app";
|
import { App } from "../../shared/components/app/app";
|
||||||
import {
|
import {
|
||||||
|
@ -25,7 +25,7 @@ import { setForwardedHeaders } from "../utils/set-forwarded-headers";
|
||||||
export default async (req: Request, res: Response) => {
|
export default async (req: Request, res: Response) => {
|
||||||
try {
|
try {
|
||||||
const activeRoute = routes.find(route => matchPath(req.path, route));
|
const activeRoute = routes.find(route => matchPath(req.path, route));
|
||||||
let auth: string | undefined = IsomorphicCookie.load("jwt", req);
|
let auth = req.cookies ? cookie.parse(req.cookies).jwt : undefined;
|
||||||
|
|
||||||
const getSiteForm: GetSite = { auth };
|
const getSiteForm: GetSite = { auth };
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
import { isAuthPath } from "@utils/app";
|
import { isAuthPath } from "@utils/app";
|
||||||
import { isBrowser } from "@utils/browser";
|
import { isBrowser } from "@utils/browser";
|
||||||
import { isHttps } from "@utils/env";
|
import { isHttps } from "@utils/env";
|
||||||
import IsomorphicCookie from "isomorphic-cookie";
|
import * as cookie from "cookie";
|
||||||
import jwt_decode from "jwt-decode";
|
import jwt_decode from "jwt-decode";
|
||||||
import { LoginResponse, MyUserInfo } from "lemmy-js-client";
|
import { LoginResponse, MyUserInfo } from "lemmy-js-client";
|
||||||
import { toast } from "../toast";
|
import { toast } from "../toast";
|
||||||
|
@ -31,9 +31,14 @@ export class UserService {
|
||||||
public login(res: LoginResponse) {
|
public login(res: LoginResponse) {
|
||||||
const expires = new Date();
|
const expires = new Date();
|
||||||
expires.setDate(expires.getDate() + 365);
|
expires.setDate(expires.getDate() + 365);
|
||||||
if (res.jwt) {
|
if (isBrowser() && res.jwt) {
|
||||||
toast(I18NextService.i18n.t("logged_in"));
|
toast(I18NextService.i18n.t("logged_in"));
|
||||||
IsomorphicCookie.save("jwt", res.jwt, { expires, secure: isHttps() });
|
document.cookie = cookie.serialize("jwt", res.jwt, {
|
||||||
|
expires,
|
||||||
|
secure: isHttps(),
|
||||||
|
domain: location.hostname,
|
||||||
|
sameSite: true,
|
||||||
|
});
|
||||||
this.#setJwtInfo();
|
this.#setJwtInfo();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -41,8 +46,14 @@ export class UserService {
|
||||||
public logout() {
|
public logout() {
|
||||||
this.jwtInfo = undefined;
|
this.jwtInfo = undefined;
|
||||||
this.myUserInfo = undefined;
|
this.myUserInfo = undefined;
|
||||||
IsomorphicCookie.remove("jwt"); // TODO is sometimes unreliable for some reason
|
if (isBrowser()) {
|
||||||
document.cookie = "jwt=; Max-Age=0; path=/; domain=" + location.hostname;
|
document.cookie = cookie.serialize("jwt", "", {
|
||||||
|
maxAge: 0,
|
||||||
|
path: "/",
|
||||||
|
domain: location.hostname,
|
||||||
|
sameSite: true,
|
||||||
|
});
|
||||||
|
}
|
||||||
if (isAuthPath(location.pathname)) {
|
if (isAuthPath(location.pathname)) {
|
||||||
location.replace("/");
|
location.replace("/");
|
||||||
} else {
|
} else {
|
||||||
|
@ -66,10 +77,11 @@ export class UserService {
|
||||||
}
|
}
|
||||||
|
|
||||||
#setJwtInfo() {
|
#setJwtInfo() {
|
||||||
const jwt: string | undefined = IsomorphicCookie.load("jwt");
|
if (isBrowser()) {
|
||||||
|
const { jwt } = cookie.parse(document.cookie);
|
||||||
if (jwt) {
|
if (jwt) {
|
||||||
this.jwtInfo = { jwt, claims: jwt_decode(jwt) };
|
this.jwtInfo = { jwt, claims: jwt_decode(jwt) };
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue