From fceb9ab0cd9ac33f36cb2623776ddfd6808c73d8 Mon Sep 17 00:00:00 2001
From: Trinity Pointard
Date: Sun, 30 Sep 2018 11:56:12 +0200
Subject: [PATCH] Update cookie management a bit

Update to latest rocket_csrf
Make user_id a samesite lax cookie (see https://github.com/Plume-org/Plume/issues/233#issuecomment-422660275)
---
 Cargo.lock | 6 +++---
 Cargo.toml | 2 +-
 src/main.rs | 2 +-
 src/routes/session.rs | 6 ++++--
 4 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 89073a4c..c185e8da 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1485,7 +1485,7 @@ dependencies = [
 "rocket 0.4.0-dev (git+https://github.com/SergioBenitez/Rocket?rev=55459db7732b9a240826a5c120c650f87e3372ce)",
 "rocket_codegen 0.4.0-dev (git+https://github.com/SergioBenitez/Rocket?rev=55459db7732b9a240826a5c120c650f87e3372ce)",
 "rocket_contrib 0.4.0-dev (git+https://github.com/SergioBenitez/Rocket?rev=55459db7732b9a240826a5c120c650f87e3372ce)",
-"rocket_csrf 0.1.0 (git+https://github.com/fdb-hiroshima/rocket_csrf?rev=5d23ba4c6c2ee4c41040d428d24344db3d29997f)",
+"rocket_csrf 0.1.0 (git+https://github.com/fdb-hiroshima/rocket_csrf?rev=b326a9893a1849c9abdb39cab9fd7c4a52eb9674)",
 "rocket_i18n 0.1.1 (git+https://github.com/BaptisteGelez/rocket_i18n?rev=75a3bfd7b847324c078a355a7f101f8241a9f59b)",
 "rpassword 2.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "serde 1.0.77 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1861,7 +1861,7 @@ dependencies = [
 [[package]]
 name = "rocket_csrf"
 version = "0.1.0"
-source = "git+https://github.com/fdb-hiroshima/rocket_csrf?rev=5d23ba4c6c2ee4c41040d428d24344db3d29997f#5d23ba4c6c2ee4c41040d428d24344db3d29997f"
+source = "git+https://github.com/fdb-hiroshima/rocket_csrf?rev=b326a9893a1849c9abdb39cab9fd7c4a52eb9674#b326a9893a1849c9abdb39cab9fd7c4a52eb9674"
 dependencies = [
 "csrf 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "data-encoding 2.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -2963,7 +2963,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum rocket_codegen 0.4.0-dev (git+https://github.com/SergioBenitez/Rocket?rev=55459db7732b9a240826a5c120c650f87e3372ce)" = ""
 "checksum rocket_codegen_next 0.4.0-dev (git+https://github.com/SergioBenitez/Rocket?rev=55459db7732b9a240826a5c120c650f87e3372ce)" = ""
 "checksum rocket_contrib 0.4.0-dev (git+https://github.com/SergioBenitez/Rocket?rev=55459db7732b9a240826a5c120c650f87e3372ce)" = ""
-"checksum rocket_csrf 0.1.0 (git+https://github.com/fdb-hiroshima/rocket_csrf?rev=5d23ba4c6c2ee4c41040d428d24344db3d29997f)" = ""
+"checksum rocket_csrf 0.1.0 (git+https://github.com/fdb-hiroshima/rocket_csrf?rev=b326a9893a1849c9abdb39cab9fd7c4a52eb9674)" = ""
 "checksum rocket_http 0.4.0-dev (git+https://github.com/SergioBenitez/Rocket?rev=55459db7732b9a240826a5c120c650f87e3372ce)" = ""
 "checksum rocket_i18n 0.1.1 (git+https://github.com/BaptisteGelez/rocket_i18n?rev=75a3bfd7b847324c078a355a7f101f8241a9f59b)" = ""
 "checksum rpassword 2.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "d127299b02abda51634f14025aec43ae87a7aa7a95202b6a868ec852607d1451"
diff --git a/Cargo.toml b/Cargo.toml
index ffc3b203..e7001d91 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -56,7 +56,7 @@ rev = "55459db7732b9a240826a5c120c650f87e3372ce"
 
 [dependencies.rocket_csrf]
 git = "https://github.com/fdb-hiroshima/rocket_csrf"
-rev = "5d23ba4c6c2ee4c41040d428d24344db3d29997f"
+rev = "b326a9893a1849c9abdb39cab9fd7c4a52eb9674"
 
 [dependencies.rocket_i18n]
 git = "https://github.com/BaptisteGelez/rocket_i18n"
diff --git a/src/main.rs b/src/main.rs
index d58134f5..9671ad46 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -165,7 +165,7 @@ fn main() {
 .add_exceptions(vec![
 ("/inbox".to_owned(), "/inbox".to_owned(), rocket::http::Method::Post),
 ("/@//inbox".to_owned(), "/@//inbox".to_owned(), rocket::http::Method::Post),
-("/~//".to_owned(), "/~//".to_owned(), rocket::http::Method::Post),
+("/login".to_owned(), "/login".to_owned(), rocket::http::Method::Post),
 ])
 .finalize().unwrap())
 .launch();
diff --git a/src/routes/session.rs b/src/routes/session.rs
index 8955dcc5..e76f3e6e 100644
--- a/src/routes/session.rs
+++ b/src/routes/session.rs
@@ -1,5 +1,5 @@
 use rocket::{
-http::{Cookie, Cookies, uri::Uri},
+http::{Cookie, Cookies, SameSite, uri::Uri},
 response::Redirect,
 request::{LenientForm,FlashMessage}
 };
@@ -72,7 +72,9 @@ fn create(conn: DbConn, data: LenientForm, flash: Option
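Review bot: Exempting `POST /login` from the CSRF guard with the new `("/login".to_owned(), "/login".to_owned(), rocket::http::Method::Post)` entry makes login CSRF possible: a cross-site form can submit an attacker's credentials and silently sign the victim into the attacker's account, so whatever the victim then posts or uploads lands where the attacker can read it. The commit message does not say why the exemption is needed; if it is because no CSRF token exists before a session does, the usual fix is to issue the token on `GET /login` and keep the guard, or at minimum record the trade-off next to the entry, e.g. `// /login is exempt because no CSRF token exists before a session; login CSRF is accepted here`. The route strings `/@//inbox` and `/~//` look as if their `<param>` segments were lost in rendering, so I cannot tell from this page how the removed `/~//` exception was matched. `fn main()` starts and ends outside this hunk.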
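Review bot: The `SameSite` import this hunk adds is consumed only by code outside it — the `create` hunk at `@@ -72,7 +72,9 @@` is cut off on this page — so the attributes actually set on the cookie cannot be checked here. Per the commit message the `user_id` cookie becomes `SameSite=Lax`; Lax still sends the cookie on top-level cross-site GET navigations, so it is defence in depth and not a substitute for the CSRF token on state-changing routes, which is worth stating at the cookie builder: `// Lax: still sent on top-level cross-site GETs, so CSRF tokens stay mandatory on every state-changing route`. While there, confirm the same cookie is also `http_only` and (behind TLS) `secure`; that cannot be verified from this hunk.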