flask: set cookie sr.ht.unified-login.v1 as HTTP-Only

The cookie that is used to authenticate the user could be stolen. This happens because it is exposed to JavaScript:

    console.log(document.cookie)

Because it is exposed, someone could potentially steal the cookie and use it as a bypass to get authenticated as a registered user, in the event of a successful XSS exploitation.

References:
- <https://security.stackexchange.com/questions/260296/can-someone-clone-my-session-id-cookie-and-login-as-me>
- <https://flask.palletsprojects.com/en/2.3.x/api/#flask.Response.set_cookie>

Signed-off-by: youkwhd <lolywk@tutanota.com>
parent 9d194be927
commit cc4467fcf4
@ -441,7 +441,9 @@ class SrhtFlask(Flask):
if not g.current_user:
# Clear user info cookie
response.set_cookie(cookie_key, "",
domain=global_domain, max_age=0)
domain=global_domain,
httponly=True,
max_age=0)
else:
# Set user info cookie
user_info = g.current_user.to_dict(first_party=True)
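Review bot: `secure=True` (and a `samesite` value such as `"Lax"`) is missing next to the new `httponly=True` in this `set_cookie` call; the commit message describes this cookie as the one that authenticates the user, so it should also never be sent over plain HTTP or attached to cross-site requests, and Flask's `Response.set_cookie` accepts both keyword arguments. For the deletion branch to actually remove the cookie, the attributes must match the cookie as it was set (same `domain`, and the same `path`, which defaults to `/`), otherwise the browser keeps the old value; the one-keyword-per-line layout used here matches the setting branch and reads well.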
@ -450,6 +452,7 @@ class SrhtFlask(Flask):
response.set_cookie(cookie_key,
fernet.encrypt(user_info.encode()).decode(),
domain=global_domain,
httponly=True,
max_age=60 * 60 * 24 * 365)
path = request.path
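Review bot: HttpOnly stops page script from reading this cookie, but it does not stop script injected via XSS from issuing authenticated requests from the victim's browser, so the commit message's threat of "steal the cookie and use it" is narrowed rather than closed; the flag is still the right change and should be paired with `secure=True` and a `samesite` setting on this same `set_cookie` call. Also worth recording in review: with `max_age=60 * 60 * 24 * 365` a copied cookie value stays usable for a year unless the `fernet`-encrypted payload can be invalidated server-side, and nothing in this hunk changes that lifetime.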