Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

luci-base: add another magic security attribute to the sysauth cookie

Browse source 
Fixes: #3585
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 885c97da53)
This commit is contained in:
Jo-Philipp Wich 2020-01-29 09:07:51 +01:00
parent 3f5a67b62e
commit 5879390cd1
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
modules/luci-base/luasrc/dispatcher.lua
View file

@ -514,7 +514,7 @@ function dispatch(request)
return return
end end
http.header("Set-Cookie", 'sysauth=%s; path=%s; HttpOnly%s' %{ http.header("Set-Cookie", 'sysauth=%s; path=%s; SameSite=Strict; HttpOnly%s' %{
sid, build_url(), http.getenv("HTTPS") == "on" and "; secure" or "" sid, build_url(), http.getenv("HTTPS") == "on" and "; secure" or ""
}) })
http.redirect(build_url(unpack(ctx.requestpath))) http.redirect(build_url(unpack(ctx.requestpath)))