Include SameSite attribute on cookies.
This commit is contained in:
parent
bd3e055323
commit
5a70e3f3f1
3 changed files with 37 additions and 16 deletions
|
|
@ -62,20 +62,26 @@
|
|||
});
|
||||
};
|
||||
|
||||
MszSakuya.trackElements($qa('time'));
|
||||
hljs.highlightAll();
|
||||
try {
|
||||
MszSakuya.trackElements($qa('time'));
|
||||
hljs.highlightAll();
|
||||
|
||||
MszEmbed.init(`${location.protocol}//uiharu.${location.host}`);
|
||||
MszEmbed.init(`${location.protocol}//uiharu.${location.host}`);
|
||||
|
||||
// only used by the forum posting form
|
||||
initQuickSubmit();
|
||||
MszForumEditor($q('.js-forum-posting'));
|
||||
// only used by the forum posting form
|
||||
initQuickSubmit();
|
||||
const forumPostingForm = $q('.js-forum-posting');
|
||||
if(forumPostingForm !== null)
|
||||
MszForumEditor(forumPostingForm);
|
||||
|
||||
const events = new MszSeasonalEvents;
|
||||
events.add(new MszChristmas2019EventInfo);
|
||||
events.dispatch();
|
||||
const events = new MszSeasonalEvents;
|
||||
events.add(new MszChristmas2019EventInfo);
|
||||
events.dispatch();
|
||||
|
||||
await initLoginPage();
|
||||
await initLoginPage();
|
||||
|
||||
MszEmbed.handle($qa('.js-msz-embed-media'));
|
||||
MszEmbed.handle($qa('.js-msz-embed-media'));
|
||||
} catch(ex) {
|
||||
console.error(ex);
|
||||
}
|
||||
})();
|
||||
|
|
|
|||
|
|
@ -20,8 +20,8 @@ define('MSZ_ASSETS', MSZ_ROOT . '/assets');
|
|||
require_once MSZ_ROOT . '/vendor/autoload.php';
|
||||
|
||||
Environment::setDebug(MSZ_DEBUG);
|
||||
mb_internal_encoding('utf-8');
|
||||
date_default_timezone_set('utc');
|
||||
mb_internal_encoding('UTF-8');
|
||||
date_default_timezone_set('UTC');
|
||||
|
||||
$cfg = SharpConfig::fromFile(MSZ_CONFIG . '/config.cfg');
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,9 @@
|
|||
<?php
|
||||
namespace Misuzu\Auth;
|
||||
|
||||
// is this the right way to do this?
|
||||
use DateTimeImmutable;
|
||||
|
||||
// is this the right way to do this?
|
||||
final class AuthTokenCookie {
|
||||
public static function domain(): string {
|
||||
$url = parse_url($_SERVER['HTTP_HOST'], PHP_URL_HOST);
|
||||
|
|
@ -16,10 +17,24 @@ final class AuthTokenCookie {
|
|||
}
|
||||
|
||||
public static function apply(string $packed): void {
|
||||
setcookie('msz_auth', $packed, strtotime('+3 months'), '/', self::domain(), !empty($_SERVER['HTTPS']), true);
|
||||
$now = new DateTimeImmutable('now');
|
||||
$threeMonths = $now->modify('+3 months');
|
||||
|
||||
header(sprintf(
|
||||
'Set-Cookie: msz_auth=%s; Expires=%s; Max-Age=%d; Domain=%s; Path=/; SameSite=Lax; HttpOnly;%s',
|
||||
$packed,
|
||||
$threeMonths->format('D, d M Y H:i:s e'),
|
||||
$threeMonths->getTimestamp() - $now->getTimestamp(),
|
||||
self::domain(),
|
||||
filter_has_var(INPUT_SERVER, 'HTTPS') ? ' Secure' : ''
|
||||
));
|
||||
}
|
||||
|
||||
public static function nuke(): void {
|
||||
setcookie('msz_auth', '', -9001, '/', self::domain(), !empty($_SERVER['HTTPS']), true);
|
||||
header(sprintf(
|
||||
'Set-Cookie: msz_auth=; Expires=Wed, 31 Dec 1969 21:29:59 UTC; Max-Age=-9001; Domain=%s; Path=/; SameSite=Lax; HttpOnly;%s',
|
||||
self::domain(),
|
||||
filter_has_var(INPUT_SERVER, 'HTTPS') ? ' Secure' : ''
|
||||
));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue