Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

luci-base: add another magic security attribute to the sysauth cookie

Browse source 
Fixes: #3585
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This commit is contained in:
Jo-Philipp Wich 2020-01-29 09:07:51 +01:00
parent b8f65c340c
commit 885c97da53
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
modules/luci-base/luasrc/dispatcher.lua
View file

@ -806,7 +806,7 @@ function dispatch(request)
return tpl.render("sysauth", { duser = "root", fuser = user })
end
http.header("Set-Cookie", 'sysauth=%s; path=%s; HttpOnly%s' %{
http.header("Set-Cookie", 'sysauth=%s; path=%s; SameSite=Strict; HttpOnly%s' %{
sid, build_url(), http.getenv("HTTPS") == "on" and "; secure" or ""
})