Bob Mottram 2021-08-04 11:05:55 +01:00
parent 7844028260
commit 71f02ebff6
1 changed files with 6 additions and 6 deletions


@ -645,7 +645,7 @@ class PubServer(BaseHTTPRequestHandler):
self.send_response(200) self.send_response(200)
self.send_header('Content-type', fileFormat) self.send_header('Content-type', fileFormat)
self.send_header('Content-Length', str(length)) self.send_header('Content-Length', str(length))
self.send_header('Set-Cookie', 'epicyon=; SameSite=Strict') self.send_header('Set-Cookie', 'epicyon=; SameSite=Lax')
self.send_header('Host', callingDomain) self.send_header('Host', callingDomain)
self.send_header('WWW-Authenticate', self.send_header('WWW-Authenticate',
'title="Login to Epicyon", Basic realm="epicyon"') 'title="Login to Epicyon", Basic realm="epicyon"')
@ -668,7 +668,7 @@ class PubServer(BaseHTTPRequestHandler):
redirect) redirect)
self.send_response(303) self.send_response(303)
self.send_header('Set-Cookie', 'epicyon=; SameSite=Strict') self.send_header('Set-Cookie', 'epicyon=; SameSite=Lax')
self.send_header('Location', self._quoted_redirect(redirect)) self.send_header('Location', self._quoted_redirect(redirect))
self.send_header('Host', callingDomain) self.send_header('Host', callingDomain)
self.send_header('InstanceID', self.server.instanceId) self.send_header('InstanceID', self.server.instanceId)
@ -686,7 +686,7 @@ class PubServer(BaseHTTPRequestHandler):
if 'HttpOnly;' not in cookieStr: if 'HttpOnly;' not in cookieStr:
if self.server.httpPrefix == 'https': if self.server.httpPrefix == 'https':
cookieStr += '; Secure' cookieStr += '; Secure'
cookieStr += '; HttpOnly; SameSite=Strict' cookieStr += '; HttpOnly; SameSite=Lax'
self.send_header('Cookie', cookieStr) self.send_header('Cookie', cookieStr)
self.send_header('Host', callingDomain) self.send_header('Host', callingDomain)
self.send_header('InstanceID', self.server.instanceId) self.send_header('InstanceID', self.server.instanceId)
@ -766,7 +766,7 @@ class PubServer(BaseHTTPRequestHandler):
if 'HttpOnly;' not in cookieStr: if 'HttpOnly;' not in cookieStr:
if self.server.httpPrefix == 'https': if self.server.httpPrefix == 'https':
cookieStr += '; Secure' cookieStr += '; Secure'
cookieStr += '; HttpOnly; SameSite=Strict' cookieStr += '; HttpOnly; SameSite=Lax'
if not cookie.startswith('SET:'): if not cookie.startswith('SET:'):
self.send_header('Cookie', cookieStr) self.send_header('Cookie', cookieStr)
else: else:
@ -1430,7 +1430,7 @@ class PubServer(BaseHTTPRequestHandler):
del self.server.tokens[nickname] del self.server.tokens[nickname]
self._redirect_headers(self.server.httpPrefix + '://' + self._redirect_headers(self.server.httpPrefix + '://' +
self.server.domainFull + '/login', self.server.domainFull + '/login',
'epicyon=; SameSite=Strict', 'epicyon=; SameSite=Lax',
callingDomain) callingDomain)
def _benchmarkGETtimings(self, GETstartTime, GETtimings: {}, def _benchmarkGETtimings(self, GETstartTime, GETtimings: {},
@ -1640,7 +1640,7 @@ class PubServer(BaseHTTPRequestHandler):
index = self.server.tokens[loginNickname] index = self.server.tokens[loginNickname]
self.server.tokensLookup[index] = loginNickname self.server.tokensLookup[index] = loginNickname
cookieStr = 'SET:epicyon=' + \ cookieStr = 'SET:epicyon=' + \
self.server.tokens[loginNickname] + '; SameSite=Strict' self.server.tokens[loginNickname] + '; SameSite=Lax'
if callingDomain.endswith('.onion') and onionDomain: if callingDomain.endswith('.onion') and onionDomain:
self._redirect_headers('http://' + self._redirect_headers('http://' +
onionDomain + onionDomain +
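Review bot: The session cookie's `SameSite` attribute is changed to `Lax` in six places (the hunks at 645, 668, 686, 766, 1430 and 1640) with no comment giving the reason. With `Lax` the browser attaches the `epicyon` cookie to cross-site top-level GET navigations. Any GET handler in PubServer that changes state would therefore need its own CSRF check; those handlers are not visible in these hunks, so this should be confirmed before merging. Because the literal is repeated, a single module-level constant such as `SESSION_COOKIE_SAMESITE = 'SameSite=Lax'  # Lax rather than Strict because <reason>` would keep the call sites in step and record the rationale. Separately, the login cookie built at 1640 already ends in `'; SameSite=Lax'` and, if it later passes through the `'HttpOnly;' not in cookieStr` branch at 766, would carry the attribute twice; the enclosing functions start and end outside the hunks, so this path is inferred.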