Remove httpOnly requirement. (#4212)
This commit is contained in:
parent
86990d5138
commit
e84f8f55a2
1 changed files with 1 additions and 2 deletions
|
@ -84,10 +84,9 @@ pub fn read_auth_token(req: &HttpRequest) -> Result<Option<String>, LemmyError>
|
|||
else if let Some(cookie) = &req.cookie(AUTH_COOKIE_NAME) {
|
||||
// ensure that its marked as httponly and secure
|
||||
let secure = cookie.secure().unwrap_or_default();
|
||||
let http_only = cookie.http_only().unwrap_or_default();
|
||||
let is_debug_mode = cfg!(debug_assertions);
|
||||
|
||||
if !is_debug_mode && (!secure || !http_only) {
|
||||
if !is_debug_mode && !secure {
|
||||
Err(LemmyError::from(LemmyErrorType::AuthCookieInsecure))
|
||||
} else {
|
||||
Ok(Some(cookie.value().to_string()))
|
||||
|
|
Loading…
Reference in a new issue