Update cookie management a bit
Update to latest rocket_csrf Make user_id a samesite lax cookie (see https://github.com/Plume-org/Plume/issues/233#issuecomment-422660275)
This commit is contained in:
+1
-1
@@ -165,7 +165,7 @@ fn main() {
|
||||
.add_exceptions(vec![
|
||||
("/inbox".to_owned(), "/inbox".to_owned(), rocket::http::Method::Post),
|
||||
("/@/<name>/inbox".to_owned(), "/@/<name>/inbox".to_owned(), rocket::http::Method::Post),
|
||||
("/~/<blog>/<slug>".to_owned(), "/~/<blog>/<slug>".to_owned(), rocket::http::Method::Post),
|
||||
("/login".to_owned(), "/login".to_owned(), rocket::http::Method::Post),
|
||||
])
|
||||
.finalize().unwrap())
|
||||
.launch();
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
use rocket::{
|
||||
http::{Cookie, Cookies, uri::Uri},
|
||||
http::{Cookie, Cookies, SameSite, uri::Uri},
|
||||
response::Redirect,
|
||||
request::{LenientForm,FlashMessage}
|
||||
};
|
||||
@@ -72,7 +72,9 @@ fn create(conn: DbConn, data: LenientForm<LoginForm>, flash: Option<FlashMessage
|
||||
}
|
||||
|
||||
if errors.is_empty() {
|
||||
cookies.add_private(Cookie::new(AUTH_COOKIE, user.unwrap().id.to_string()));
|
||||
cookies.add_private(Cookie::build(AUTH_COOKIE, user.unwrap().id.to_string())
|
||||
.same_site(SameSite::Lax)
|
||||
.finish());
|
||||
|
||||
let destination = flash
|
||||
.and_then(|f| if f.name() == "callback" {
|
||||
|
||||
Reference in New Issue
Block a user