Set secure attribute on cookies if possible

Signed-off-by: Michal Kolodziejski <[email protected]>
hackmdio · May 5, 2021 · 1bfc5ca · 1bfc5ca
1 parent 4fed5af
commit 1bfc5ca
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 15 deletions.
diff --git a/app.js b/app.js
@@ -149,7 +149,8 @@ app.use(session({
   rolling: true, // reset maxAge on every response
   cookie: {
     maxAge: config.sessionLife,
-    sameSite: 'lax'
+    sameSite: 'lax',
+    secure: config.protocolUseSSL
   },
   store: sessionStore
 }))

diff --git a/public/js/index.js b/public/js/index.js
@@ -1633,7 +1633,8 @@ function toggleNightMode () {
   } else {
     Cookies.set('nightMode', !isActive, {
       expires: 365,
-      sameSite: 'Lax'
+      sameSite: 'Lax',
+      secure: window.location.protocol === 'https:'
     })
   }
 }

diff --git a/public/js/lib/common/login.js b/public/js/lib/common/login.js
@@ -20,12 +20,14 @@ export function resetCheckAuth () {
 export function setLoginState (bool, id) {
   Cookies.set('loginstate', bool, {
     expires: 365,
-    sameSite: 'Lax'
+    sameSite: 'Lax',
+    secure: window.location.protocol === 'https:'
   })
   if (id) {
     Cookies.set('userid', id, {
       expires: 365,
-      sameSite: 'Lax'
+      sameSite: 'Lax',
+      secure: window.location.protocol === 'https:'
     })
   } else {
     Cookies.remove('userid')

diff --git a/public/js/lib/editor/index.js b/public/js/lib/editor/index.js
@@ -415,13 +415,15 @@ export default class Editor {
       if (this.editor.getOption('indentWithTabs')) {
         Cookies.set('indent_type', 'tab', {
           expires: 365,
-          sameSite: 'Lax'
+          sameSite: 'Lax',
+          secure: window.location.protocol === 'https:'
         })
         type.text('Tab Size:')
       } else {
         Cookies.set('indent_type', 'space', {
           expires: 365,
-          sameSite: 'Lax'
+          sameSite: 'Lax',
+          secure: window.location.protocol === 'https:'
         })
         type.text('Spaces:')
       }
@@ -433,12 +435,14 @@ export default class Editor {
       if (this.editor.getOption('indentWithTabs')) {
         Cookies.set('tab_size', unit, {
           expires: 365,
-          sameSite: 'Lax'
+          sameSite: 'Lax',
+          secure: window.location.protocol === 'https:'
         })
       } else {
         Cookies.set('space_units', unit, {
           expires: 365,
-          sameSite: 'Lax'
+          sameSite: 'Lax',
+          secure: window.location.protocol === 'https:'
         })
       }
       widthLabel.text(unit)
@@ -507,7 +511,8 @@ export default class Editor {
       var keymap = this.editor.getOption('keyMap')
       Cookies.set('keymap', keymap, {
         expires: 365,
-        sameSite: 'Lax'
+        sameSite: 'Lax',
+        secure: window.location.protocol === 'https:'
       })
       label.text(keymap)
       this.restoreOverrideEditorKeymap()
@@ -543,7 +548,8 @@ export default class Editor {
       this.editor.setOption('theme', theme)
       Cookies.set('theme', theme, {
         expires: 365,
-        sameSite: 'Lax'
+        sameSite: 'Lax',
+        secure: window.location.protocol === 'https:'
       })
       this.statusIndicators.find('.status-theme li').removeClass('active')
       this.statusIndicators.find(`.status-theme li[value="${theme}"]`).addClass('active')
@@ -646,7 +652,8 @@ export default class Editor {
 
         Cookies.set('spellcheck', false, {
           expires: 365,
-          sameSite: 'Lax'
+          sameSite: 'Lax',
+          secure: window.location.protocol === 'https:'
         })
 
         self.editor.setOption('mode', defaultEditorMode)
@@ -655,7 +662,8 @@ export default class Editor {
 
         Cookies.set('spellcheck', lang, {
           expires: 365,
-          sameSite: 'Lax'
+          sameSite: 'Lax',
+          secure: window.location.protocol === 'https:'
         })
 
         self.editor.setOption('mode', 'spell-checker')
@@ -677,7 +685,8 @@ export default class Editor {
       }
       Cookies.set('linter', true, {
         expires: 365,
-        sameSite: 'Lax'
+        sameSite: 'Lax',
+        secure: window.location.protocol === 'https:'
       })
     } else {
       this.editor.setOption('gutters', gutters.filter(g => g !== lintGutter))
@@ -727,7 +736,8 @@ export default class Editor {
     if (overrideBrowserKeymap.is(':checked')) {
       Cookies.set('preferences-override-browser-keymap', true, {
         expires: 365,
-        sameSite: 'Lax'
+        sameSite: 'Lax',
+        secure: window.location.protocol === 'https:'
       })
       this.restoreOverrideEditorKeymap()
     } else {

diff --git a/public/js/locale.js b/public/js/locale.js
@@ -26,7 +26,8 @@ $('select.ui-locale option[value="' + lang + '"]').attr('selected', 'selected')
 locale.change(function () {
   Cookies.set('locale', $(this).val(), {
     expires: 365,
-    sameSite: 'Lax'
+    sameSite: 'Lax',
+    secure: window.location.protocol === 'https:'
   })
   window.location.reload()
 })