From a2325209fb91c5a08a8fee665433f8825930e9cc Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 21 Jun 2020 12:23:59 +0000
Subject: [PATCH] Simplify
---
 daemon.py | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/daemon.py b/daemon.py
index 22b5807a..51d7702a 100644
--- daemon.py
+++ daemon.py
@@ -489,7 +489,12 @@ class PubServer(BaseHTTPRequestHandler):
 if length > -1:
 self.send_header('Content-Length', str(length))
 if cookie:
- self.send_header('Cookie', cookie)
+ cookieStr = cookie
+ if 'HttpOnly;' not in cookieStr:
+ if self.server.httpPrefix == 'https':
+ cookieStr += '; Secure'
+ cookieStr += '; HttpOnly; SameSite=Strict'
+ self.send_header('Cookie', cookieStr)
 self.send_header('Host', callingDomain)
 self.send_header('InstanceID', self.server.instanceId)
 self.send_header('X-Robots-Tag', 'noindex')
@@ -564,18 +569,15 @@ class PubServer(BaseHTTPRequestHandler):
 self.send_response(303)
 if cookie:
- if not cookie.startswith('SET:'):
- cookieStr = cookie
+ cookieStr = cookie.replace('SET:', '').strip()
+ if 'HttpOnly;' not in cookieStr:
 if self.server.httpPrefix == 'https':
 cookieStr += '; Secure'
 cookieStr += '; HttpOnly; SameSite=Strict'
+ if not cookie.startswith('SET:'):
 self.send_header('Cookie', cookieStr)
 else:
- setCookieStr = cookie.replace('SET:', '').strip()
- if self.server.httpPrefix == 'https':
- setCookieStr += '; Secure'
- setCookieStr += '; HttpOnly; SameSite=Strict'
- self.send_header('Set-Cookie', setCookieStr)
+ self.send_header('Set-Cookie', cookieStr)
 self.send_header('Location', redirect)
 self.send_header('Host', callingDomain)
 self.send_header('InstanceID', self.server.instanceId)
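Review bot: In the first hunk (near line 489) the `'HttpOnly;' not in cookieStr` guard decides for all three attributes at once, so, assuming the appends are nested under it (indentation is lost on this page), a cookie that already carries `HttpOnly;` but no `Secure` or `SameSite` goes out without them, and one ending in `; HttpOnly` with no trailing semicolon gets the whole suffix appended twice. The second hunk (near line 569) repeats the guard on the path that writes `Set-Cookie`, where a missing `Secure` flag matters most. Testing each attribute on its own and case-insensitively avoids both, for example `if self.server.httpPrefix == 'https' and '; secure' not in cookieStr.lower(): cookieStr += '; Secure'`, with the same shape for `HttpOnly` and `SameSite`. These attributes are defined for `Set-Cookie`, so appending them to the `Cookie` header here probably has no protective effect. The enclosing method starts and ends outside the hunk.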
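Review bot: In the second hunk (near line 569) `cookie.replace('SET:', '')` now runs for every cookie and removes the marker wherever it occurs, not only as a prefix, so a value that contains `SET:` is altered on both the `Cookie` and the `Set-Cookie` path; before this change a cookie without the prefix was passed through untouched. Stripping only the leading marker keeps the simplification without that side effect: `cookieStr = cookie[len('SET:'):].strip() if cookie.startswith('SET:') else cookie`. A short comment such as `# 'SET:' prefix selects Set-Cookie instead of Cookie` above the branch would document the convention, which the visible lines do not explain. The enclosing method starts and ends outside the hunk.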