From 170b3ec45f297215be6fd6727e9d80121728df15 Mon Sep 17 00:00:00 2001 From: Dessalines Date: Thu, 30 Nov 2023 04:44:18 -0500 Subject: [PATCH] Removing cookie secure check. (#4213) --- api_tests/package.json | 2 +- api_tests/yarn.lock | 8 ++++---- crates/api/src/lib.rs | 10 +--------- crates/utils/src/error.rs | 2 -- 4 files changed, 6 insertions(+), 16 deletions(-) diff --git a/api_tests/package.json b/api_tests/package.json index a6bf91f72..8ab01b628 100644 --- a/api_tests/package.json +++ b/api_tests/package.json @@ -27,7 +27,7 @@ "eslint": "^8.54.0", "eslint-plugin-prettier": "^5.0.1", "jest": "^29.5.0", - "lemmy-js-client": "0.19.0-alpha.18", + "lemmy-js-client": "0.19.0-rc.19", "prettier": "^3.1.0", "ts-jest": "^29.1.0", "typescript": "^5.3.2" diff --git a/api_tests/yarn.lock b/api_tests/yarn.lock index 7167c9b93..ebf36bc58 100644 --- a/api_tests/yarn.lock +++ b/api_tests/yarn.lock @@ -2286,10 +2286,10 @@ kleur@^3.0.3: resolved "https://registry.yarnpkg.com/kleur/-/kleur-3.0.3.tgz#a79c9ecc86ee1ce3fa6206d1216c501f147fc07e" integrity sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w== -lemmy-js-client@0.19.0-alpha.18: - version "0.19.0-alpha.18" - resolved "https://registry.yarnpkg.com/lemmy-js-client/-/lemmy-js-client-0.19.0-alpha.18.tgz#f94841681cabdf9d5c4ce7048eacb57557f68724" - integrity sha512-cKJfKKnjK+ijk0Yd6ydtne3Y4FILp2RbQg05pCru9n6PCyPAa85eQL4QxPB1PPed20ckSZRcHLcnr/bYFDgpaw== +lemmy-js-client@0.19.0-rc.19: + version "0.19.0-rc.19" + resolved "https://registry.yarnpkg.com/lemmy-js-client/-/lemmy-js-client-0.19.0-rc.19.tgz#13932ab2b40cf16aa5218715509ebdc48f874f84" + integrity sha512-kae8V33QixbyYIA+pn7+sCeOOWL3eRgnFaNkZU8Y8vxhwZExIhkZus9jzVt/BoyPddVlafyBHxgAUsWXLA4tRA== dependencies: cross-fetch "^3.1.5" form-data "^4.0.0" diff --git a/crates/api/src/lib.rs b/crates/api/src/lib.rs index 712498f0f..faa74824e 100644 --- a/crates/api/src/lib.rs +++ b/crates/api/src/lib.rs @@ -82,15 +82,7 @@ pub fn read_auth_token(req: &HttpRequest) -> Result, LemmyError> } // If that fails, try to read from cookie else if let Some(cookie) = &req.cookie(AUTH_COOKIE_NAME) { - // ensure that its marked as httponly and secure - let secure = cookie.secure().unwrap_or_default(); - let is_debug_mode = cfg!(debug_assertions); - - if !is_debug_mode && !secure { - Err(LemmyError::from(LemmyErrorType::AuthCookieInsecure)) - } else { - Ok(Some(cookie.value().to_string())) - } + Ok(Some(cookie.value().to_string())) } // Otherwise, there's no auth else { diff --git a/crates/utils/src/error.rs b/crates/utils/src/error.rs index c5cbaa07e..34f636705 100644 --- a/crates/utils/src/error.rs +++ b/crates/utils/src/error.rs @@ -221,8 +221,6 @@ pub enum LemmyErrorType { CouldntSendWebmention, ContradictingFilters, InstanceBlockAlreadyExists, - /// `jwt` cookie must be marked secure and httponly - AuthCookieInsecure, /// Thrown when an API call is submitted with more than 1000 array elements, see [[MAX_API_PARAM_ELEMENTS]] TooManyItems, CommunityHasNoFollowers,