fedi/lemmy
1
0
Fork 0
mirror of https://github.com/LemmyNet/lemmy.git synced 2024-11-22 14:45:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove httpOnly requirement. (#4212)

Browse source
This commit is contained in:
Dessalines 2023-11-29 09:58:35 -05:00 committed by GitHub
parent 86990d5138
commit e84f8f55a2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
crates/api/src/lib.rs
View file

@ -84,10 +84,9 @@ pub fn read_auth_token(req: &HttpRequest) -> Result<Option<String>, LemmyError>
else if let Some(cookie) = &req.cookie(AUTH_COOKIE_NAME) { else if let Some(cookie) = &req.cookie(AUTH_COOKIE_NAME) {
// ensure that its marked as httponly and secure // ensure that its marked as httponly and secure
let secure = cookie.secure().unwrap_or_default(); let secure = cookie.secure().unwrap_or_default();
let http_only = cookie.http_only().unwrap_or_default();
let is_debug_mode = cfg!(debug_assertions); let is_debug_mode = cfg!(debug_assertions);
if !is_debug_mode && (!secure || !http_only) { if !is_debug_mode && !secure {
Err(LemmyError::from(LemmyErrorType::AuthCookieInsecure)) Err(LemmyError::from(LemmyErrorType::AuthCookieInsecure))
} else { } else {
Ok(Some(cookie.value().to_string())) Ok(Some(cookie.value().to_string()))