Fixed migration and made cookies more secure

Tracker-Friendly 2024-05-16 16:48:22 +01:00
parent 5a13b2976d
commit 0bfad634d8
3 changed files with 5 additions and 5 deletions

4
main

@ -663,8 +663,8 @@ async def login():
conn.close() conn.close()
response = Response("""<script>window.location.href = "/oauth";</script>""") response = Response("""<script>window.location.href = "/oauth";</script>""")
response.set_cookie("session_DO_NOT_SHARE", randomCharacters) response.set_cookie("session_DO_NOT_SHARE", randomCharacters, samesite="Strict", secure=True)
response.set_cookie("legacy_migrate", "1") response.set_cookie("legacy_migrate", "1", samesite="Strict", secure=True)
return response return response
#resp = await make_response(redirect("/")) #resp = await make_response(redirect("/"))
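Review bot: The `session_DO_NOT_SHARE` cookie set in login() stays readable from page script, because the new call adds `samesite` and `secure` but not `httponly`. If no client code needs to read the session value, the call could be `response.set_cookie("session_DO_NOT_SHARE", randomCharacters, samesite="Strict", secure=True, httponly=True)`. `legacy_migrate` has to remain script-accessible, since the migration page in this same commit clears it through `document.cookie`. Secure cookies are rejected on plain-HTTP origins (most browsers exempt localhost), so a deployment without TLS will stop receiving a session after this change. login() starts before this hunk.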


@ -121,7 +121,7 @@
.then((response) => { .then((response) => {
async function doStuff2() { async function doStuff2() {
if (response.status == 200) { if (response.status == 200) {
document.cookie = 'legacy_migrate=; Max-Age=0; path=/;" document.cookie = "legacy_migrate=; Max-Age=0; path=/;"
window.location.replace("/") window.location.replace("/")
} else { } else {
document.getElementById("text").innerText = "Failed: " + key["error"] document.getElementById("text").innerText = "Failed: " + key["error"]
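Review bot: The failure branch reads `key["error"]`, but the visible part of doStuff2 never assigns `key`. Unless it is defined in an enclosing scope outside this hunk, a non-200 response throws a ReferenceError instead of showing the message. Parsing the body at the top of the function, `const key = await response.json();`, would match what the doStuff2 in the other template of this commit does. The enclosing `.then` callback starts and ends outside the hunk.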


@ -59,7 +59,7 @@
function cuser_authorize() { function cuser_authorize() {
document.cookie = "prefuser" + "=" + window.prompt("Choose your custom username (cannot be longer than 20 characters)") + "; expires=Session" + "; path=/" + "; samesite=Strict"; document.cookie = "prefuser" + "=" + window.prompt("Choose your custom username (cannot be longer than 20 characters)") + "; expires=Session" + "; path=/" + "; samesite=Strict; secure=true;";
authorize() authorize()
} }
@ -137,7 +137,7 @@
async function doStuff2() { async function doStuff2() {
let key = await response.json() let key = await response.json()
if (response.status == 200) { if (response.status == 200) {
document.cookie = "session_DO_NOT_SHARE" + "=" + (key["key"] || "") + "; expires=Session" + "; path=/" + "; samesite=Strict"; document.cookie = "session_DO_NOT_SHARE" + "=" + (key["key"] || "") + "; expires=Session" + "; path=/" + "; samesite=Strict; secure=true;"
window.location.replace("/") window.location.replace("/")
} else if (response.status == 422) { } else if (response.status == 422) {
document.getElementById("text").innerText = "Username taken. Migrate or choose a new custom username!" document.getElementById("text").innerText = "Username taken. Migrate or choose a new custom username!"
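Review bot: `session_DO_NOT_SHARE` is written from script in doStuff2, so it can never be HttpOnly and stays readable by any script that runs on the page. Having the endpoint answer with a `Set-Cookie` header carrying Secure, HttpOnly and SameSite=Strict would keep the token out of the JSON body and out of `document.cookie`. In `cuser_authorize` the `window.prompt` result is concatenated unencoded, so a `;` in the name cuts the value short or adds attributes, and Cancel stores the literal `null`; check for null and length first, then write `encodeURIComponent(name)` with matching decoding on the server. `Secure` is a valueless flag, so `; Secure` is the canonical spelling of `secure=true`, and `expires=Session` is not a date and can be dropped, since the cookie is already a session cookie without it. doStuff2 continues outside the hunk.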