nutomic/ibis
1
0
Fork 0
mirror of https://github.com/Nutomic/ibis.git synced 2024-11-22 08:01:09 +00:00
Code Projects Releases Packages Activity

Dont set cookie domain on localhost

Browse source
This commit is contained in:
Felix Ableitner 2024-10-14 10:44:50 +02:00
parent fdda0f584a
commit 51b5cc7d79
1 changed files with 9 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/backend/api/user.rs
View file

@ -89,17 +89,20 @@ pub(in crate::backend::api) async fn login_user(
} }
let token = generate_login_token(&user.person, &data)?; let token = generate_login_token(&user.person, &data)?;
let jar = jar.add(create_cookie(token, &data)); let jar = jar.add(create_cookie(token, &data));
dbg!(&jar);
Ok((jar, Json(user))) Ok((jar, Json(user)))
} }
fn create_cookie(jwt: String, data: &Data<IbisData>) -> Cookie<'static> { fn create_cookie(jwt: String, data: &Data<IbisData>) -> Cookie<'static> {
let mut domain = data.domain().to_string(); let mut cookie = Cookie::build((AUTH_COOKIE, jwt));
// remove port from domain
if domain.contains(':') { // Must not set cookie domain on localhost
domain = domain.split(':').collect::<Vec<_>>()[0].to_string(); // https://stackoverflow.com/a/1188145
let domain = data.domain().to_string();
if domain.starts_with("localhost") || domain.starts_with("127.0.0.1") {
cookie = cookie.domain(domain);
} }
Cookie::build((AUTH_COOKIE, jwt)) cookie
.domain(domain)
.same_site(SameSite::Strict) .same_site(SameSite::Strict)
.path("/") .path("/")
.http_only(true) .http_only(true)