From e84f8f55a2886eb4b25f7257ac68e73314caeeb3 Mon Sep 17 00:00:00 2001 From: Dessalines Date: Wed, 29 Nov 2023 09:58:35 -0500 Subject: [PATCH] Remove httpOnly requirement. (#4212) --- crates/api/src/lib.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crates/api/src/lib.rs b/crates/api/src/lib.rs index e3acae193..712498f0f 100644 --- a/crates/api/src/lib.rs +++ b/crates/api/src/lib.rs @@ -84,10 +84,9 @@ pub fn read_auth_token(req: &HttpRequest) -> Result, LemmyError> else if let Some(cookie) = &req.cookie(AUTH_COOKIE_NAME) { // ensure that its marked as httponly and secure let secure = cookie.secure().unwrap_or_default(); - let http_only = cookie.http_only().unwrap_or_default(); let is_debug_mode = cfg!(debug_assertions); - if !is_debug_mode && (!secure || !http_only) { + if !is_debug_mode && !secure { Err(LemmyError::from(LemmyErrorType::AuthCookieInsecure)) } else { Ok(Some(cookie.value().to_string()))