luci-base: harden cookie sysauth=
A simple scan of the code indicates that currently no code in the repo is accessing the sysauth= cookie.

Closes openwrt/luci#1555

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
parent 88a1f8f407
commit 2f0f456b71
1 changed files with 3 additions and 1 deletions
|
@ -428,7 +428,9 @@ function dispatch(request)
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sid, build_url() })
|
http.header("Set-Cookie", 'sysauth=%s; path=%s; HttpOnly%s' %{
|
||||||
|
sid, build_url(), http.getenv("HTTPS") == "on" and "; secure" or ""
|
||||||
|
})
|
||||||
http.redirect(build_url(unpack(ctx.requestpath)))
|
http.redirect(build_url(unpack(ctx.requestpath)))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
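Review bot: The Secure attribute in the new Set-Cookie string is appended only when `http.getenv("HTTPS") == "on"` matches exactly, so any setup where the request reaches dispatch() without that variable set to "on" (for example TLS terminated in front of the web server) still gets a sysauth cookie without Secure. A short comment above the header call stating that assumption would help, and it is worth deciding whether a forwarded-scheme indicator should also be honoured. The cookie also still carries no SameSite attribute; since this change is already hardening the header, consider adding `; SameSite=Strict` in the same format string. Finally, HttpOnly removes the cookie from `document.cookie`; the commit message covers in-repo callers only, so a note for out-of-tree applications that read sysauth from JavaScript would be useful.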