Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-05-02 14:36:08 -04:00
Code Issues Projects Releases Packages Wiki Activity

re-lax samesite cookie policy

Browse source 
As per discussion in code review:

> Cookies are always scoped in browsers. That's not the issue. SameSite attribute just protects against CSRF attacks. But Get requests (aka links) are also "protected" with Strict, which breaks it… and for users that is highly confusing when they (apparently arbitrarily) do not get the language they have set before when clicking a link.

https://github.com/PrivateBin/PrivateBin/pull/1287#discussion_r1589299210
This commit is contained in:
El RIDO 2024-05-04 12:12:31 +02:00
parent 5425ea79f8
commit 81fdf8ebfc
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
6 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
js/privatebin.js
View file

@ -3855,7 +3855,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
*/
function setLanguage(event)
{
document.cookie = 'lang=' + $(event.target).data('lang') + '; SameSite=Strict; Secure';
document.cookie = 'lang=' + $(event.target).data('lang') + '; SameSite=Lax; Secure';
UiHelper.reloadHome();
event.preventDefault();
}