Include SameSite attribute on cookies.

This commit is contained in:
flash 2024-01-24 22:14:42 +00:00
parent bd3e055323
commit 5a70e3f3f1
3 changed files with 37 additions and 16 deletions

View file

@ -62,20 +62,26 @@
});
};
MszSakuya.trackElements($qa('time'));
hljs.highlightAll();
try {
MszSakuya.trackElements($qa('time'));
hljs.highlightAll();
MszEmbed.init(`${location.protocol}//uiharu.${location.host}`);
MszEmbed.init(`${location.protocol}//uiharu.${location.host}`);
// only used by the forum posting form
initQuickSubmit();
MszForumEditor($q('.js-forum-posting'));
// only used by the forum posting form
initQuickSubmit();
const forumPostingForm = $q('.js-forum-posting');
if(forumPostingForm !== null)
MszForumEditor(forumPostingForm);
const events = new MszSeasonalEvents;
events.add(new MszChristmas2019EventInfo);
events.dispatch();
const events = new MszSeasonalEvents;
events.add(new MszChristmas2019EventInfo);
events.dispatch();
await initLoginPage();
await initLoginPage();
MszEmbed.handle($qa('.js-msz-embed-media'));
MszEmbed.handle($qa('.js-msz-embed-media'));
} catch(ex) {
console.error(ex);
}
})();

View file

@ -20,8 +20,8 @@ define('MSZ_ASSETS', MSZ_ROOT . '/assets');
require_once MSZ_ROOT . '/vendor/autoload.php';
Environment::setDebug(MSZ_DEBUG);
mb_internal_encoding('utf-8');
date_default_timezone_set('utc');
mb_internal_encoding('UTF-8');
date_default_timezone_set('UTC');
$cfg = SharpConfig::fromFile(MSZ_CONFIG . '/config.cfg');

View file

@ -1,8 +1,9 @@
<?php
namespace Misuzu\Auth;
// is this the right way to do this?
use DateTimeImmutable;
// is this the right way to do this?
final class AuthTokenCookie {
public static function domain(): string {
$url = parse_url($_SERVER['HTTP_HOST'], PHP_URL_HOST);
@ -16,10 +17,24 @@ final class AuthTokenCookie {
}
public static function apply(string $packed): void {
setcookie('msz_auth', $packed, strtotime('+3 months'), '/', self::domain(), !empty($_SERVER['HTTPS']), true);
$now = new DateTimeImmutable('now');
$threeMonths = $now->modify('+3 months');
header(sprintf(
'Set-Cookie: msz_auth=%s; Expires=%s; Max-Age=%d; Domain=%s; Path=/; SameSite=Lax; HttpOnly;%s',
$packed,
$threeMonths->format('D, d M Y H:i:s e'),
$threeMonths->getTimestamp() - $now->getTimestamp(),
self::domain(),
filter_has_var(INPUT_SERVER, 'HTTPS') ? ' Secure' : ''
));
}
public static function nuke(): void {
setcookie('msz_auth', '', -9001, '/', self::domain(), !empty($_SERVER['HTTPS']), true);
header(sprintf(
'Set-Cookie: msz_auth=; Expires=Wed, 31 Dec 1969 21:29:59 UTC; Max-Age=-9001; Domain=%s; Path=/; SameSite=Lax; HttpOnly;%s',
self::domain(),
filter_has_var(INPUT_SERVER, 'HTTPS') ? ' Secure' : ''
));
}
}