fix: Use SameSite=Lax on cookies

Joakim Saario 2022-08-18 18:35:25 +02:00
parent fb1fb2ef3b
commit f10732960c
No known key found for this signature in database
GPG key ID: D8B76D271B7BD453
3 changed files with 50 additions and 14 deletions


@ -5,15 +5,13 @@ from aurweb import config
def samesite() -> str:
""" Produce cookie SameSite value based on options.disable_http_login.
""" Produce cookie SameSite value.
When options.disable_http_login is True, "strict" is returned. Otherwise,
"lax" is returned.
Currently this is hard-coded to return "lax"
:returns "strict" if options.disable_http_login else "lax"
:returns "lax"
"""
secure = config.getboolean("options", "disable_http_login")
return "strict" if secure else "lax"
return "lax"
def timeout(extended: bool) -> int:
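Review bot: The new docstring on `samesite()` says the value is "hard-coded" but not why, and the change silently downgrades deployments that set `options.disable_http_login` from `"strict"` to `"lax"`. With Lax the session cookie is sent again on top-level cross-site GET navigations, so any route that changes state on GET no longer gets the protection Strict gave it and would need its own CSRF check. I would record that in the docstring, for example `Lax lets the cookie accompany top-level cross-site GET navigations; state-changing routes must not rely on SameSite alone.`, and add the reason Strict was dropped. Whether `config` is still used elsewhere in this module is not visible from the hunk, and `timeout()` continues outside it.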