Fixed migration and made cookies more secure

2024-05-16 16:48:22 +01:00 · 2024-05-16 16:48:22 +01:00 · 0bfad634d8
parent 5a13b2976d
commit 0bfad634d8
3 changed files with 5 additions and 5 deletions
--- a/4
+++ b/4
@ -663,8 +663,8 @@ async def login():
        conn.close()

        response = Response("""<script>window.location.href = "/oauth";</script>""")
-        response.set_cookie("session_DO_NOT_SHARE", randomCharacters)
-        response.set_cookie("legacy_migrate", "1")
+        response.set_cookie("session_DO_NOT_SHARE", randomCharacters, samesite="Strict", secure=True)
+        response.set_cookie("legacy_migrate", "1", samesite="Strict", secure=True)
        return response

        #resp = await make_response(redirect("/"))
--- a/templates/migrate.html
+++ b/templates/migrate.html
@ -121,7 +121,7 @@
                        .then((response) => {
                            async function doStuff2() {
                                if (response.status == 200) {
-document.cookie = 'legacy_migrate=; Max-Age=0; path=/;"
+                                    document.cookie = "legacy_migrate=; Max-Age=0; path=/;"
                                    window.location.replace("/")
                                } else {
                                    document.getElementById("text").innerText = "Failed: " + key["error"]
--- a/templates/oauth.html
+++ b/templates/oauth.html
@ -59,7 +59,7 @@


        function cuser_authorize() {
-            document.cookie = "prefuser" + "=" + window.prompt("Choose your custom username (cannot be longer than 20 characters)") + "; expires=Session" + "; path=/" + "; samesite=Strict";
+            document.cookie = "prefuser" + "=" + window.prompt("Choose your custom username (cannot be longer than 20 characters)") + "; expires=Session" + "; path=/" + "; samesite=Strict; secure=true;";
            authorize()
        }

@ -137,7 +137,7 @@
                            async function doStuff2() {
                                let key = await response.json()
                                if (response.status == 200) {
-                                    document.cookie = "session_DO_NOT_SHARE" + "=" + (key["key"] || "") + "; expires=Session" + "; path=/" + "; samesite=Strict";
+                                    document.cookie = "session_DO_NOT_SHARE" + "=" + (key["key"] || "") + "; expires=Session" + "; path=/" + "; samesite=Strict; secure=true;"
                                    window.location.replace("/")
                                } else if (response.status == 422) {
                                    document.getElementById("text").innerText = "Username taken. Migrate or choose a new custom username!"