Update cookie management a bit

Update to latest rocket_csrf
Make user_id a samesite lax cookie (see https://github.com/Plume-org/Plume/issues/233#issuecomment-422660275)
This commit is contained in:
Trinity Pointard
2018-09-30 11:56:12 +02:00
parent 1e3f40833d
commit fceb9ab0cd
4 changed files with 9 additions and 7 deletions
+1 -1
View File
@@ -165,7 +165,7 @@ fn main() {
.add_exceptions(vec![
("/inbox".to_owned(), "/inbox".to_owned(), rocket::http::Method::Post),
("/@/<name>/inbox".to_owned(), "/@/<name>/inbox".to_owned(), rocket::http::Method::Post),
("/~/<blog>/<slug>".to_owned(), "/~/<blog>/<slug>".to_owned(), rocket::http::Method::Post),
("/login".to_owned(), "/login".to_owned(), rocket::http::Method::Post),
])
.finalize().unwrap())
.launch();
+4 -2
View File
@@ -1,5 +1,5 @@
use rocket::{
http::{Cookie, Cookies, uri::Uri},
http::{Cookie, Cookies, SameSite, uri::Uri},
response::Redirect,
request::{LenientForm,FlashMessage}
};
@@ -72,7 +72,9 @@ fn create(conn: DbConn, data: LenientForm<LoginForm>, flash: Option<FlashMessage
}
if errors.is_empty() {
cookies.add_private(Cookie::new(AUTH_COOKIE, user.unwrap().id.to_string()));
cookies.add_private(Cookie::build(AUTH_COOKIE, user.unwrap().id.to_string())
.same_site(SameSite::Lax)
.finish());
let destination = flash
.and_then(|f| if f.name() == "callback" {