Adding JWT secure flag. (#426)
author Dessalines <dessalines@users.noreply.github.com>
Sat, 18 Sep 2021 21:59:28 +0000 (17:59 -0400)
committer GitHub <noreply@github.com>
Sat, 18 Sep 2021 21:59:28 +0000 (17:59 -0400)
- Couldn't add SameSite, because of the isomorphic-cookie library.
- Couldn't add HttpOnly, because the client-side JS needs to read the cookie for calls.
- Fixes #389

src/shared/env.ts
src/shared/services/UserService.ts

index 505b5c1b0d88249b377c4743bd95b4b07c5a3241..43b9ce0da50b9e2f61f1963275e75c7980bfde2e 100644 (file)
@@ -37,9 +37,11 @@ export const httpBaseInternal = `http://${host}`; // Don't use secure here
 export const httpBase = `http${secure}://${host}`;
 export const wsUri = `ws${secure}://${wsHost}/api/v3/ws`;
 export const pictrsUri = `${httpBase}/pictrs/image`;
+export const isHttps = secure.endsWith("s");
 
 console.log(`httpbase: ${httpBase}`);
 console.log(`wsUri: ${wsUri}`);
+console.log(`isHttps: ${isHttps}`);
 
 // This is for html tags, don't include port
 const httpExternalUri = `http${secure}://${externalHost.split(":")[0]}`;
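Review bot: `isHttps` is computed as `secure.endsWith("s")`, which reads as a loose heuristic for what the surrounding template strings (`http${secure}://`) show to be an `"s"`/`""` toggle; `export const isHttps = secure === "s";` states the intent directly and cannot be satisfied by an unexpected value that merely ends in "s". `secure` is defined above the hunk, so its possible values are not visible here. Since this constant now decides whether the session cookie is written with the Secure attribute, a comment on it would help the next reader, e.g. `// true when the site is served over TLS; gates the Secure attribute on the jwt cookie`. If `secure` is derived from deployment configuration rather than from the request, a TLS-terminating proxy in front of an instance with that setting off would leave the cookie without Secure, which is worth stating in the deployment documentation.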
index a0268c6dc2fd6ceb36009b90e582ca68c88f812c..c9351efdd1d038da888ba313bf850ea8772136db 100644 (file)
@@ -3,6 +3,7 @@ import IsomorphicCookie from "isomorphic-cookie";
 import jwt_decode from "jwt-decode";
 import { LoginResponse, MyUserInfo } from "lemmy-js-client";
 import { BehaviorSubject, Subject } from "rxjs";
+import { isHttps } from "../env";
 
 interface Claims {
   sub: number;
@@ -31,17 +32,18 @@ export class UserService {
   public login(res: LoginResponse) {
     let expires = new Date();
     expires.setDate(expires.getDate() + 365);
-    IsomorphicCookie.save("jwt", res.jwt, { expires, secure: false });
+    IsomorphicCookie.save("jwt", res.jwt, { expires, secure: isHttps });
     console.log("jwt cookie set");
     this.setClaims(res.jwt);
   }
 
   public logout() {
-    IsomorphicCookie.remove("jwt");
     this.claims = undefined;
     this.myUserInfo = undefined;
     // setTheme();
     this.jwtSub.next("");
+    IsomorphicCookie.remove("jwt"); // TODO is sometimes unreliable for some reason
+    document.cookie = "jwt=; Max-Age=0; path=/; domain=" + location.host;
     console.log("Logged out.");
   }