[tor-commits] [snowflake-webext/main] Add secure and samesite flags to badge cookie
commit 47ab525ca498bf8699e043aa66c9cabe63d80bfd
Author: Cecylia Bocovich <cohosh@xxxxxxxxxxxxxx>
Date: Thu Jul 29 08:08:58 2021 -0400
Add secure and samesite flags to badge cookie
It looks like there have been several browser security improvements to
prevent CSRF attacks. Chrome and Firefox now require cross-site cookies
to have the secure and samesite attributes set.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#samesite_attribute
https://www.chromium.org/updates/same-site
---
init-badge.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/init-badge.js b/init-badge.js
index 3de6159..171d5c0 100644
--- a/init-badge.js
+++ b/init-badge.js
@@ -100,7 +100,7 @@ var COOKIE_LIFETIME = "Thu, 01 Jan 2038 00:00:00 GMT";
var COOKIE_EXPIRE = "Thu, 01 Jan 1970 00:00:01 GMT";
function setSnowflakeCookie(val, expires) {
- document.cookie = `${COOKIE_NAME}=${val}; path=/; expires=${expires};`;
+ document.cookie = `${COOKIE_NAME}=${val}; path=/; expires=${expires}; secure=true; samesite=none;`;
}
const defaultLang = 'en_US';
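Review bot: On the new `document.cookie` line in `setSnowflakeCookie`, `secure=true` only works because browsers ignore any value given to the Secure attribute; the canonical form is the bare flag, `document.cookie = `${COOKIE_NAME}=${val}; path=/; expires=${expires}; Secure; SameSite=None`;`. With Secure set, browsers silently drop the write when the page is not served over HTTPS, so the function should carry a comment saying it only takes effect on HTTPS origins, or callers should re-read the cookie to confirm the state was stored. `SameSite=None` keeps the cookie attached in cross-site contexts, which is presumably intended because the badge is embedded in third-party pages; a short comment such as `// SameSite=None because the badge is read from a cross-site embed (confirm); the cookie must never hold anything sensitive` would stop a later edit from changing it by accident. `val` is interpolated without encoding, which is safe only while every caller passes a fixed token; the callers are outside this hunk.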