flashii/misuzu
flashii/misuzu
1
1
Fork 0
Code Issues Pull requests Releases 159 Wiki Activity Actions

Include SameSite attribute on cookies.

Browse source
This commit is contained in:
flash 2024-01-24 22:14:42 +00:00
parent bd3e055323
commit 5a70e3f3f1
3 changed files with 37 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
assets/misuzu.js/main.js
View file

@ -62,6 +62,7 @@
}); });
}; };
try {
MszSakuya.trackElements($qa('time')); MszSakuya.trackElements($qa('time'));
hljs.highlightAll(); hljs.highlightAll();
@ -69,7 +70,9 @@
// only used by the forum posting form // only used by the forum posting form
initQuickSubmit(); initQuickSubmit();
MszForumEditor($q('.js-forum-posting')); const forumPostingForm = $q('.js-forum-posting');
if(forumPostingForm !== null)
MszForumEditor(forumPostingForm);
const events = new MszSeasonalEvents; const events = new MszSeasonalEvents;
events.add(new MszChristmas2019EventInfo); events.add(new MszChristmas2019EventInfo);
@ -78,4 +81,7 @@
await initLoginPage(); await initLoginPage();
MszEmbed.handle($qa('.js-msz-embed-media')); MszEmbed.handle($qa('.js-msz-embed-media'));
} catch(ex) {
console.error(ex);
}
})(); })();

4
misuzu.php
View file

@ -20,8 +20,8 @@ define('MSZ_ASSETS', MSZ_ROOT . '/assets');
require_once MSZ_ROOT . '/vendor/autoload.php'; require_once MSZ_ROOT . '/vendor/autoload.php';
Environment::setDebug(MSZ_DEBUG); Environment::setDebug(MSZ_DEBUG);
mb_internal_encoding('utf-8'); mb_internal_encoding('UTF-8');
date_default_timezone_set('utc'); date_default_timezone_set('UTC');
$cfg = SharpConfig::fromFile(MSZ_CONFIG . '/config.cfg'); $cfg = SharpConfig::fromFile(MSZ_CONFIG . '/config.cfg');

21
src/Auth/AuthTokenCookie.php
View file

@ -1,8 +1,9 @@
<?php <?php
namespace Misuzu\Auth; namespace Misuzu\Auth;
// is this the right way to do this? use DateTimeImmutable;
// is this the right way to do this?
final class AuthTokenCookie { final class AuthTokenCookie {
public static function domain(): string { public static function domain(): string {
$url = parse_url($_SERVER['HTTP_HOST'], PHP_URL_HOST); $url = parse_url($_SERVER['HTTP_HOST'], PHP_URL_HOST);
@ -16,10 +17,24 @@ final class AuthTokenCookie {
} }
public static function apply(string $packed): void { public static function apply(string $packed): void {
setcookie('msz_auth', $packed, strtotime('+3 months'), '/', self::domain(), !empty($_SERVER['HTTPS']), true); $now = new DateTimeImmutable('now');
$threeMonths = $now->modify('+3 months');
header(sprintf(
'Set-Cookie: msz_auth=%s; Expires=%s; Max-Age=%d; Domain=%s; Path=/; SameSite=Lax; HttpOnly;%s',
$packed,
$threeMonths->format('D, d M Y H:i:s e'),
$threeMonths->getTimestamp() - $now->getTimestamp(),
self::domain(),
filter_has_var(INPUT_SERVER, 'HTTPS') ? ' Secure' : ''
));
} }
public static function nuke(): void { public static function nuke(): void {
setcookie('msz_auth', '', -9001, '/', self::domain(), !empty($_SERVER['HTTPS']), true); header(sprintf(
'Set-Cookie: msz_auth=; Expires=Wed, 31 Dec 1969 21:29:59 UTC; Max-Age=-9001; Domain=%s; Path=/; SameSite=Lax; HttpOnly;%s',
self::domain(),
filter_has_var(INPUT_SERVER, 'HTTPS') ? ' Secure' : ''
));
} }
} }