Adding JWT secure flag. (#426)
- Couldn't add samesite due to isomorphic library. - Couldn't add httponly, because the js needs it for calls. - Fixes #389
This commit is contained in:
parent
967b0dd964
commit
bf93e29f4c
2 changed files with 6 additions and 2 deletions
|
@ -37,9 +37,11 @@ export const httpBaseInternal = `http://${host}`; // Don't use secure here
|
|||
export const httpBase = `http${secure}://${host}`;
|
||||
export const wsUri = `ws${secure}://${wsHost}/api/v3/ws`;
|
||||
export const pictrsUri = `${httpBase}/pictrs/image`;
|
||||
export const isHttps = secure.endsWith("s");
|
||||
|
||||
console.log(`httpbase: ${httpBase}`);
|
||||
console.log(`wsUri: ${wsUri}`);
|
||||
console.log(`isHttps: ${isHttps}`);
|
||||
|
||||
// This is for html tags, don't include port
|
||||
const httpExternalUri = `http${secure}://${externalHost.split(":")[0]}`;
|
||||
|
|
|
@ -3,6 +3,7 @@ import IsomorphicCookie from "isomorphic-cookie";
|
|||
import jwt_decode from "jwt-decode";
|
||||
import { LoginResponse, MyUserInfo } from "lemmy-js-client";
|
||||
import { BehaviorSubject, Subject } from "rxjs";
|
||||
import { isHttps } from "../env";
|
||||
|
||||
interface Claims {
|
||||
sub: number;
|
||||
|
@ -31,17 +32,18 @@ export class UserService {
|
|||
public login(res: LoginResponse) {
|
||||
let expires = new Date();
|
||||
expires.setDate(expires.getDate() + 365);
|
||||
IsomorphicCookie.save("jwt", res.jwt, { expires, secure: false });
|
||||
IsomorphicCookie.save("jwt", res.jwt, { expires, secure: isHttps });
|
||||
console.log("jwt cookie set");
|
||||
this.setClaims(res.jwt);
|
||||
}
|
||||
|
||||
public logout() {
|
||||
IsomorphicCookie.remove("jwt");
|
||||
this.claims = undefined;
|
||||
this.myUserInfo = undefined;
|
||||
// setTheme();
|
||||
this.jwtSub.next("");
|
||||
IsomorphicCookie.remove("jwt"); // TODO is sometimes unreliable for some reason
|
||||
document.cookie = "jwt=; Max-Age=0; path=/; domain=" + location.host;
|
||||
console.log("Logged out.");
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue