From 93d5980f0534e6e419a59e8510eaab18c939cc41 Mon Sep 17 00:00:00 2001
From: calzoneman
Date: Wed, 26 Feb 2014 10:50:59 -0600
Subject: [PATCH] Fix cross-domain cookie issue

---
config.template.yaml | 3 +++
lib/config.js | 1 +
lib/web/auth.js | 1 +
lib/web/jade.js | 4 +++-
lib/web/webserver.js | 11 ++++++-----
templates/nav.jade | 4 +++-
www/js/callbacks.js | 14 ++++++++++++++
7 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/config.template.yaml b/config.template.yaml
index ea40cbff..fadf9cce 100644
--- a/config.template.yaml
+++ b/config.template.yaml
@@ -15,6 +15,9 @@ http:
 host: ''
 port: 8080
 domain: 'http://localhost'
+ # Specifies the root domain for cookies. If you have multiple domains
+ # e.g. a.example.com and b.example.com, the root domain is example.com
+ root-domain: 'localhost'
 # Use express-minify to minify CSS and Javascript
 minify: false
 # Static content cache (in seconds)
diff --git a/lib/config.js b/lib/config.js
index 8fcb37a7..0d037ddf 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -26,6 +26,7 @@ var defaults = {
 host: "",
 port: 8080,
 domain: "http://localhost",
+ "root-domain": "localhost",
 minify: false,
 "cache-ttl": 0
 },
diff --git a/lib/web/auth.js b/lib/web/auth.js
index 395f17dc..179511f2 100644
--- a/lib/web/auth.js
+++ b/lib/web/auth.js
@@ -106,6 +106,7 @@ function handleLoginPage(req, res) {
 */
 function handleLogout(req, res) {
 res.clearCookie("auth");
+ res.clearCookie("auth", { domain: Config.get("http.root-domain") });
 // Try to find an appropriate redirect
 var ref = req.header("referrer");
 if (!ref) {
diff --git a/lib/web/jade.js b/lib/web/jade.js
index e11902bb..8966f998 100644
--- a/lib/web/jade.js
+++ b/lib/web/jade.js
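Review bot: The added clearCookie only removes the cookie variant that cookieall() in lib/web/webserver.js writes when http.domain contains http.root-domain; in cookieall's fallback branch the cookie is written with `domain: Config.get("http.domain")` and nothing in handleLogout clears that variant, so it survives logout. Mirror the same domain selection here, or better, derive the cookie domain once in a shared helper that both cookieall and handleLogout call, so the cleared scope always matches the scope that was set. A clearCookie also has to repeat any other attributes (path, for instance) used when the cookie was set, which is not visible in this hunk. handleLogout continues past the end of the hunk.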
@@ -13,7 +13,9 @@ function merge(locals) { var _locals = { siteTitle: Config.get("html-template.title"), siteDescription: Config.get("html-template.description"), - siteAuthor: "Calvin 'calzoneman' 'cyzon' Montgomery" + siteAuthor: "Calvin 'calzoneman' 'cyzon' Montgomery", + loginDomain: Config.get("https.enabled") ? Config.get("https.domain")+":"+Config.get("https.port") + : Config.get("http.domain")+":"+Config.get("http.port") }; if (typeof locals !== "object") { return _locals; diff --git a/lib/web/webserver.js b/lib/web/webserver.js index a96c0054..0f6d0969 100644 --- a/lib/web/webserver.js +++ b/lib/web/webserver.js @@ -64,12 +64,13 @@ function logRequest(req, status) { function cookieall(res, name, val, opts) { res.cookie(name, val, opts); - opts.domain = Config.get("http.domain"); - res.cookie(name, val, opts); - if (Config.get("https.enabled")) { - opts.domain = Config.get("https.domain"); - res.cookie(name, val, opts); + + opts.domain = Config.get("http.root-domain"); + if (Config.get("http.domain").indexOf(opts.domain) === -1) { + opts.domain = Config.get("http.domain"); } + + res.cookie(name, val, opts); } /** diff --git a/templates/nav.jade b/templates/nav.jade index c0e977c4..440f5543 100644 --- a/templates/nav.jade +++ b/templates/nav.jade @@ -44,7 +44,9 @@ mixin navloginlogout(redirect) mixin navloginform(redirect) .visible-md.visible-lg - form#loginform.navbar-form.navbar-right(action="/login", method="post") + if loginDomain == null + - loginDomain = "" + form#loginform.navbar-form.navbar-right(action="#{loginDomain}/login", method="post") input(type="hidden", name="redirect", value=redirect) .form-group input#username.form-control(type="text", name="name", placeholder="Username") diff --git a/www/js/callbacks.js b/www/js/callbacks.js index 512fb2f8..ea45fed2 100644 --- a/www/js/callbacks.js +++ b/www/js/callbacks.js @@ -445,6 +445,20 @@ Callbacks = { if (!CLIENT.guest) { socket.emit("initUserPLCallbacks"); + var logoutform = $("
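Review bot: loginDomain is built by concatenating domain and port with `+` twice, once per branch of a ternary whose continuation line starts with `:` inside the object literal, which reads awkwardly and duplicates the origin-building rule that www/js/callbacks.js then has to recover from the form's action. A small helper keeps the literal flat and gives one definition to reuse: `function siteOrigin() { var s = Config.get("https.enabled") ? "https" : "http"; return Config.get(s + ".domain") + ":" + Config.get(s + ".port"); }` with `loginDomain: siteOrigin()` in the literal. Neither new value is documented; a one-line comment stating that loginDomain is the absolute origin the login form posts to (presumably so the auth cookie is always issued from one host — confirm) would help the next reader. merge() begins before the hunk.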
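Review bot: The test `Config.get("http.domain").indexOf(opts.domain) === -1` does not establish that the site host is the root domain or a subdomain of it — http.domain carries the scheme (lib/config.js defaults it to "http://localhost"), and any host whose name merely contains the root string passes, e.g. a root-domain of example.com matches "http://myexample.com", for which a browser will reject a Domain=example.com cookie. In the fallback branch the Domain attribute becomes the full "http://..." string, which is not a valid cookie domain, so that cookie is dropped by the browser too. Compare hostnames instead and only emit the domain-scoped cookie when the host really is under the root; this needs Node's `url` module in scope (`var url = require("url");` if webserver.js does not already have it). Since a root-domain cookie is readable by every host under that domain, it is worth confirming that callers pass httpOnly (and secure on the https site) in opts, which is outside this hunk. cookieall also mutates the caller's opts object, a habit that predates this change.
```javascript
function cookieall(res, name, val, opts) {
    res.cookie(name, val, opts);

    var root = Config.get("http.root-domain");
    // http.domain includes the scheme ("http://localhost"), so compare the hostname, not the raw string
    var host = url.parse(Config.get("http.domain")).hostname || "";
    var underRoot = host === root || host.slice(-(root.length + 1)) === "." + root;
    if (underRoot) {
        opts.domain = root;
        res.cookie(name, val, opts);
    }
}
```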

").attr("id", "logoutform") + .addClass("navbar-text pull-right") + .insertAfter($("#loginform")); + + $("").attr("id", "welcome").text("Welcome, " + CLIENT.name) + .appendTo(logoutform); + $("").html(" · ").appendTo(logoutform); + var domain = $("#loginform").attr("action").replace("/login", ""); + $("").attr("id", "logout") + .attr("href", domain + "/logout?redirect=/r/" + CHANNEL.name) + .text("Logout") + .appendTo(logoutform); + + $("#loginform").remove(); } } },