[tor-commits] [snowflake-webext/main] Add secure and samesite flags to badge cookie
cohosh at torproject.org
cohosh at torproject.org
Fri Jul 30 13:47:20 UTC 2021
commit 47ab525ca498bf8699e043aa66c9cabe63d80bfd
Author: Cecylia Bocovich <cohosh at torproject.org>
Date: Thu Jul 29 08:08:58 2021 -0400
Add secure and samesite flags to badge cookie
It looks like there have been several browser security improvements to
prevent CSRF attacks. Chrome and Firefox now require cross-site cookies
to have the secure and samesite attributes set.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#samesite_attribute
https://www.chromium.org/updates/same-site
---
init-badge.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/init-badge.js b/init-badge.js
index 3de6159..171d5c0 100644
--- a/init-badge.js
+++ b/init-badge.js
@@ -100,7 +100,7 @@ var COOKIE_LIFETIME = "Thu, 01 Jan 2038 00:00:00 GMT";
var COOKIE_EXPIRE = "Thu, 01 Jan 1970 00:00:01 GMT";
function setSnowflakeCookie(val, expires) {
- document.cookie = `${COOKIE_NAME}=${val}; path=/; expires=${expires};`;
+ document.cookie = `${COOKIE_NAME}=${val}; path=/; expires=${expires}; secure=true; samesite=none;`;
}
const defaultLang = 'en_US';
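Review bot: The attribute string in setSnowflakeCookie is written as `secure=true; samesite=none;`, but Secure is a valueless flag and cookie parsers ignore the `=true`, so the canonical `Secure; SameSite=None;` states the intent more clearly. With Secure set, a `document.cookie` write from a page not served over HTTPS is dropped silently, so a comment above the assignment would help, for example `// SameSite=None (cookie sent in third-party contexts) requires Secure; the cookie is not stored on non-HTTPS origins`. SameSite=None is also the most permissive setting, so the comment should record why the badge needs its cookie in cross-site contexts; presumably it is embedded in third-party pages, though this hunk does not show that.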