Update cookie management a bit

Update to latest rocket_csrf
Make user_id a samesite lax cookie (see https://github.com/Plume-org/Plume/issues/233#issuecomment-422660275)
This commit is contained in:
Trinity Pointard
2018-09-30 11:56:12 +02:00
parent 1e3f40833d
commit fceb9ab0cd
4 changed files with 9 additions and 7 deletions
+4 -2
View File
@@ -1,5 +1,5 @@
use rocket::{
http::{Cookie, Cookies, uri::Uri},
http::{Cookie, Cookies, SameSite, uri::Uri},
response::Redirect,
request::{LenientForm,FlashMessage}
};
@@ -72,7 +72,9 @@ fn create(conn: DbConn, data: LenientForm<LoginForm>, flash: Option<FlashMessage
}
if errors.is_empty() {
cookies.add_private(Cookie::new(AUTH_COOKIE, user.unwrap().id.to_string()));
cookies.add_private(Cookie::build(AUTH_COOKIE, user.unwrap().id.to_string())
.same_site(SameSite::Lax)
.finish());
let destination = flash
.and_then(|f| if f.name() == "callback" {