mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-21 07:56:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

cookies: Use Lax instead of Strict for SameSite

Browse source
This commit is contained in:
Richard Hansen 2020-10-02 22:32:44 -04:00 committed by John McLear
parent 3ab0f30ac8
commit bf53162cdd
2 changed files with 6 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/static/js/pad_utils.js
View file

@ -532,7 +532,9 @@ padutils.binarySearch = require('./ace2_common').binarySearch;
// window object.
if (typeof window !== 'undefined') {
exports.Cookies = require('js-cookie/src/js.cookie');
exports.Cookies.defaults.sameSite = window.location.protocol === 'https:' ? 'Strict' : 'Lax';
// `Strict` is not used because it has few security benefits but significant usability drawbacks
// vs. `Lax`. See https://stackoverflow.com/q/41841880 for discussion.
exports.Cookies.defaults.sameSite = 'Lax';
exports.Cookies.defaults.secure = window.location.protocol === 'https:';
}
exports.randomString = randomString;