Update cookie management a bit
Update to latest rocket_csrf Make user_id a samesite lax cookie (see https://github.com/Plume-org/Plume/issues/233#issuecomment-422660275)
This commit is contained in:
parent
1e3f40833d
commit
fceb9ab0cd
6
Cargo.lock
generated
6
Cargo.lock
generated
@ -1485,7 +1485,7 @@ dependencies = [
|
||||
"rocket 0.4.0-dev (git+https://github.com/SergioBenitez/Rocket?rev=55459db7732b9a240826a5c120c650f87e3372ce)",
|
||||
"rocket_codegen 0.4.0-dev (git+https://github.com/SergioBenitez/Rocket?rev=55459db7732b9a240826a5c120c650f87e3372ce)",
|
||||
"rocket_contrib 0.4.0-dev (git+https://github.com/SergioBenitez/Rocket?rev=55459db7732b9a240826a5c120c650f87e3372ce)",
|
||||
"rocket_csrf 0.1.0 (git+https://github.com/fdb-hiroshima/rocket_csrf?rev=5d23ba4c6c2ee4c41040d428d24344db3d29997f)",
|
||||
"rocket_csrf 0.1.0 (git+https://github.com/fdb-hiroshima/rocket_csrf?rev=b326a9893a1849c9abdb39cab9fd7c4a52eb9674)",
|
||||
"rocket_i18n 0.1.1 (git+https://github.com/BaptisteGelez/rocket_i18n?rev=75a3bfd7b847324c078a355a7f101f8241a9f59b)",
|
||||
"rpassword 2.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"serde 1.0.77 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
@ -1861,7 +1861,7 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "rocket_csrf"
|
||||
version = "0.1.0"
|
||||
source = "git+https://github.com/fdb-hiroshima/rocket_csrf?rev=5d23ba4c6c2ee4c41040d428d24344db3d29997f#5d23ba4c6c2ee4c41040d428d24344db3d29997f"
|
||||
source = "git+https://github.com/fdb-hiroshima/rocket_csrf?rev=b326a9893a1849c9abdb39cab9fd7c4a52eb9674#b326a9893a1849c9abdb39cab9fd7c4a52eb9674"
|
||||
dependencies = [
|
||||
"csrf 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"data-encoding 2.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
@ -2963,7 +2963,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
"checksum rocket_codegen 0.4.0-dev (git+https://github.com/SergioBenitez/Rocket?rev=55459db7732b9a240826a5c120c650f87e3372ce)" = "<none>"
|
||||
"checksum rocket_codegen_next 0.4.0-dev (git+https://github.com/SergioBenitez/Rocket?rev=55459db7732b9a240826a5c120c650f87e3372ce)" = "<none>"
|
||||
"checksum rocket_contrib 0.4.0-dev (git+https://github.com/SergioBenitez/Rocket?rev=55459db7732b9a240826a5c120c650f87e3372ce)" = "<none>"
|
||||
"checksum rocket_csrf 0.1.0 (git+https://github.com/fdb-hiroshima/rocket_csrf?rev=5d23ba4c6c2ee4c41040d428d24344db3d29997f)" = "<none>"
|
||||
"checksum rocket_csrf 0.1.0 (git+https://github.com/fdb-hiroshima/rocket_csrf?rev=b326a9893a1849c9abdb39cab9fd7c4a52eb9674)" = "<none>"
|
||||
"checksum rocket_http 0.4.0-dev (git+https://github.com/SergioBenitez/Rocket?rev=55459db7732b9a240826a5c120c650f87e3372ce)" = "<none>"
|
||||
"checksum rocket_i18n 0.1.1 (git+https://github.com/BaptisteGelez/rocket_i18n?rev=75a3bfd7b847324c078a355a7f101f8241a9f59b)" = "<none>"
|
||||
"checksum rpassword 2.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "d127299b02abda51634f14025aec43ae87a7aa7a95202b6a868ec852607d1451"
|
||||
|
@ -56,7 +56,7 @@ rev = "55459db7732b9a240826a5c120c650f87e3372ce"
|
||||
|
||||
[dependencies.rocket_csrf]
|
||||
git = "https://github.com/fdb-hiroshima/rocket_csrf"
|
||||
rev = "5d23ba4c6c2ee4c41040d428d24344db3d29997f"
|
||||
rev = "b326a9893a1849c9abdb39cab9fd7c4a52eb9674"
|
||||
|
||||
[dependencies.rocket_i18n]
|
||||
git = "https://github.com/BaptisteGelez/rocket_i18n"
|
||||
|
@ -165,7 +165,7 @@ fn main() {
|
||||
.add_exceptions(vec![
|
||||
("/inbox".to_owned(), "/inbox".to_owned(), rocket::http::Method::Post),
|
||||
("/@/<name>/inbox".to_owned(), "/@/<name>/inbox".to_owned(), rocket::http::Method::Post),
|
||||
("/~/<blog>/<slug>".to_owned(), "/~/<blog>/<slug>".to_owned(), rocket::http::Method::Post),
|
||||
("/login".to_owned(), "/login".to_owned(), rocket::http::Method::Post),
|
||||
])
|
||||
.finalize().unwrap())
|
||||
.launch();
|
||||
|
@ -1,5 +1,5 @@
|
||||
use rocket::{
|
||||
http::{Cookie, Cookies, uri::Uri},
|
||||
http::{Cookie, Cookies, SameSite, uri::Uri},
|
||||
response::Redirect,
|
||||
request::{LenientForm,FlashMessage}
|
||||
};
|
||||
@ -72,7 +72,9 @@ fn create(conn: DbConn, data: LenientForm<LoginForm>, flash: Option<FlashMessage
|
||||
}
|
||||
|
||||
if errors.is_empty() {
|
||||
cookies.add_private(Cookie::new(AUTH_COOKIE, user.unwrap().id.to_string()));
|
||||
cookies.add_private(Cookie::build(AUTH_COOKIE, user.unwrap().id.to_string())
|
||||
.same_site(SameSite::Lax)
|
||||
.finish());
|
||||
|
||||
let destination = flash
|
||||
.and_then(|f| if f.name() == "callback" {
|
||||
|
Loading…
Reference in New Issue
Block a user