Adding JWT secure flag. (#426)

- Couldn't add samesite due to isomorphic library.
- Couldn't add httponly, because the js needs it for calls.
- Fixes #389

src/shared/env.ts

@@ -37,9 +37,11 @@ export const httpBaseInternal = `http://${host}`; // Don't use secure here
 export const httpBase = `http${secure}://${host}`;
 export const wsUri = `ws${secure}://${wsHost}/api/v3/ws`;
 export const pictrsUri = `${httpBase}/pictrs/image`;
+export const isHttps = secure.endsWith("s");
 
 console.log(`httpbase: ${httpBase}`);
 console.log(`wsUri: ${wsUri}`);
+console.log(`isHttps: ${isHttps}`);
 
 // This is for html tags, don't include port
 const httpExternalUri = `http${secure}://${externalHost.split(":")[0]}`;

src/shared/services/UserService.ts

@@ -3,6 +3,7 @@ import IsomorphicCookie from "isomorphic-cookie";
 import jwt_decode from "jwt-decode";
 import { LoginResponse, MyUserInfo } from "lemmy-js-client";
 import { BehaviorSubject, Subject } from "rxjs";
+import { isHttps } from "../env";
 
 interface Claims {
   sub: number;
@@ -31,17 +32,18 @@ export class UserService {
   public login(res: LoginResponse) {
     let expires = new Date();
     expires.setDate(expires.getDate() + 365);
-    IsomorphicCookie.save("jwt", res.jwt, { expires, secure: false });
+    IsomorphicCookie.save("jwt", res.jwt, { expires, secure: isHttps });
     console.log("jwt cookie set");
     this.setClaims(res.jwt);
   }
 
   public logout() {
-    IsomorphicCookie.remove("jwt");
     this.claims = undefined;
     this.myUserInfo = undefined;
     // setTheme();
     this.jwtSub.next("");
+    IsomorphicCookie.remove("jwt"); // TODO is sometimes unreliable for some reason
+    document.cookie = "jwt=; Max-Age=0; path=/; domain=" + location.host;
     console.log("Logged out.");
   }