try to prevent CSRF for session_id

master
Benjamin Schieder 2017-04-26 07:45:20 +01:00
parent 0e83b8d0de
commit 6af8cd9ba0
1 changed files with 1 additions and 1 deletions


@ -61,7 +61,7 @@ sub prerender {
RSSTootalizer::DB->doINSERT("INSERT INTO users (username, username_sha256, instance, instance_sha256, access_token, session_id) VALUES (?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE access_token=?, session_id=?", $$reply{acct}, sha256_base64($$reply{acct}), $instance, sha256_base64($instance), $token, $session_id, $token, $session_id); RSSTootalizer::DB->doINSERT("INSERT INTO users (username, username_sha256, instance, instance_sha256, access_token, session_id) VALUES (?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE access_token=?, session_id=?", $$reply{acct}, sha256_base64($$reply{acct}), $instance, sha256_base64($instance), $token, $session_id, $token, $session_id);
$self->{"set_cookie"} = ("session_id=".$session_id); $self->{"set_cookie"} = ("session_id=".$session_id."; SameSite=strict");
} }
1; 1;
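Review bot: The session cookie built on the `$self->{"set_cookie"}` line gains `SameSite=strict` but still carries neither `HttpOnly` nor `Secure`, so the session id stays readable from page script and would be sent over plain HTTP if the site is ever reached that way. If the application is served over HTTPS and no client-side code reads the cookie (neither is visible in this hunk), the line could become `$self->{"set_cookie"} = ("session_id=".$session_id."; SameSite=Strict; HttpOnly; Secure");`. SameSite is enforced by the browser only, and browsers that do not implement the attribute ignore it, so state-changing requests should still verify a per-session anti-CSRF token on the server; whether such a check exists elsewhere cannot be told from here. `prerender` begins outside the hunk, so how `set_cookie` is later turned into a response header is not shown.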