diff --git a/app.js b/app.js index 700f3137c0..d20f0a35f2 100644 --- a/app.js +++ b/app.js @@ -69,7 +69,7 @@ app.use(morgan('combined', { })) // socket io -var io = require('socket.io')(server) +var io = require('socket.io')(server, { cookie: false }) io.engine.ws = new (require('ws').Server)({ noServer: true, perMessageDeflate: false @@ -148,7 +148,8 @@ app.use(session({ saveUninitialized: true, // always create session to ensure the origin rolling: true, // reset maxAge on every response cookie: { - maxAge: config.sessionLife + maxAge: config.sessionLife, + sameSite: 'lax' }, store: sessionStore })) diff --git a/package-lock.json b/package-lock.json index 6abf438585..806db038eb 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9293,9 +9293,9 @@ } }, "js-cookie": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-2.2.1.tgz", - "integrity": "sha512-HvdH2LzI/EAZcUwA8+0nKNtWHqS+ZmijLA30RwZA0bo7ToCckjK5MkGhjED9KoRcXO6BaGI3I9UIzSA1FKFPOQ==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.0.tgz", + "integrity": "sha512-oUbbplKuH07/XX2YD2+Q+GMiPpnVXaRz8npE7suhBH9QEkJe2W7mQ6rwuMXHue3fpfcftQwzgyvGzIHyfCSngQ==", "dev": true }, "js-string-escape": { diff --git a/package.json b/package.json index 7306892dd4..5a66a32371 100644 --- a/package.json +++ b/package.json @@ -143,7 +143,7 @@ "jquery": "~3.4.1", "jquery-mousewheel": "~3.1.13", "jquery-ui": "~1.12.1", - "js-cookie": "~2.2.0", + "js-cookie": "^3.0.0", "js-yaml": "~3.13.1", "jsonlint": "~1.6.2", "keymaster": "~1.6.2", diff --git a/public/js/index.js b/public/js/index.js index 7f4f576ec7..af8fcf3a98 100644 --- a/public/js/index.js +++ b/public/js/index.js @@ -1600,7 +1600,9 @@ function toggleNightMode () { store.set('nightMode', !isActive) } else { Cookies.set('nightMode', !isActive, { - expires: 365 + expires: 365, + sameSite: 'Lax', + secure: window.location.protocol === 'https:' }) } } 
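Review bot: The new `{ cookie: false }` on the socket.io server line carries no explanation, so a reader later hunting for the missing engine.io `io` cookie has nothing here to go on. Add a why-comment above `var io`, e.g. `// drop engine.io's "io" cookie: nothing in this app reads it (presumably the reason for disabling it; confirm)`. If any load balancer in front of this service used that cookie for sticky sessions, confirm it has another affinity key before merging; that is not visible from this hunk.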
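Review bot: The session cookie gains `sameSite: 'lax'` but still has no `secure` attribute, whereas every client-side cookie in this same change sets `secure` from the page protocol, so the one cookie that actually carries authentication is the least protected. express-session accepts `secure: 'auto'`, which sets the flag from the connection (behind a TLS-terminating proxy this also needs `app.set('trust proxy', …)`), so `cookie: { maxAge: config.sessionLife, sameSite: 'lax', secure: 'auto' }` would match the browser side without breaking plain-http development. Note that `'lax'` still sends the session on top-level GET navigations, so any state-changing GET handler (none visible here) remains CSRF-exposed. The `app.use(session({` call begins before the hunk.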
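Review bot: The attribute object `{ expires: 365, sameSite: 'Lax', secure: window.location.protocol === 'https:' }` added to this `Cookies.set` call is pasted verbatim into every other `Cookies.set` site in this change, which will drift the next time an attribute is tuned. js-cookie 3, which package.json now pulls in, provides `Cookies.withAttributes(...)`; one shared instance such as `export const cookies = Cookies.withAttributes({ expires: 365, sameSite: 'Lax', secure: window.location.protocol === 'https:' })` would let this line become `cookies.set('nightMode', !isActive)`. Because 2.x to 3.x is a major bump, also check that no caller still uses the removed `Cookies.getJSON` before merging (none is visible in this diff). `toggleNightMode` starts before the hunk.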
diff --git a/public/js/lib/common/login.js b/public/js/lib/common/login.js index 28e5b4703b..6e2557f153 100644 --- a/public/js/lib/common/login.js +++ b/public/js/lib/common/login.js @@ -19,11 +19,15 @@ export function resetCheckAuth () { export function setLoginState (bool, id) { Cookies.set('loginstate', bool, { - expires: 365 + expires: 365, + sameSite: 'Lax', + secure: window.location.protocol === 'https:' }) if (id) { Cookies.set('userid', id, { - expires: 365 + expires: 365, + sameSite: 'Lax', + secure: window.location.protocol === 'https:' }) } else { Cookies.remove('userid') diff --git a/public/js/lib/editor/index.js b/public/js/lib/editor/index.js index eb887da694..d405a08b35 100644 --- a/public/js/lib/editor/index.js +++ b/public/js/lib/editor/index.js @@ -450,12 +450,16 @@ export default class Editor { const setType = () => { if (this.editor.getOption('indentWithTabs')) { Cookies.set('indent_type', 'tab', { - expires: 365 + expires: 365, + sameSite: 'Lax', + secure: window.location.protocol === 'https:' }) type.text('Tab Size:') } else { Cookies.set('indent_type', 'space', { - expires: 365 + expires: 365, + sameSite: 'Lax', + secure: window.location.protocol === 'https:' }) type.text('Spaces:') } @@ -466,11 +470,15 @@ export default class Editor { var unit = this.editor.getOption('indentUnit') if (this.editor.getOption('indentWithTabs')) { Cookies.set('tab_size', unit, { - expires: 365 + expires: 365, + sameSite: 'Lax', + secure: window.location.protocol === 'https:' }) } else { Cookies.set('space_units', unit, { - expires: 365 + expires: 365, + sameSite: 'Lax', + secure: window.location.protocol === 'https:' }) } widthLabel.text(unit) @@ -538,7 +546,9 @@ export default class Editor { const setKeymapLabel = () => { var keymap = this.editor.getOption('keyMap') Cookies.set('keymap', keymap, { - expires: 365 + expires: 365, + sameSite: 'Lax', + secure: window.location.protocol === 'https:' }) label.text(keymap) this.restoreOverrideEditorKeymap() 
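Review bot: `loginstate` and `userid` are now Lax and (on HTTPS) Secure, but because they are written from page JavaScript they can never be HttpOnly and remain freely writable by any script or by the user, so the new attributes must not be read as making them trustworthy. Add a comment above `setLoginState`, e.g. `// UI-only hints: server-side code must never treat these cookies as an authentication signal`, assuming the server does not read them today (confirm). The `secure: window.location.protocol === 'https:'` expression is duplicated in the two calls; a module-level `const cookieAttrs = { expires: 365, sameSite: 'Lax', secure: window.location.protocol === 'https:' }` passed to both would keep them in sync. `setLoginState`'s body continues past the last hunk line.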
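Review bot: Both `Cookies.set` calls inside `setType` receive an identical inline `{ expires: 365, sameSite: 'Lax', secure: window.location.protocol === 'https:' }` literal, and the same literal recurs in every other cookie write of this file (tab_size, space_units, keymap, theme, spellcheck, linter, keymap override). A single `const cookieAttrs = { expires: 365, sameSite: 'Lax', secure: window.location.protocol === 'https:' }` near the top of the editor module, used as `Cookies.set('indent_type', 'tab', cookieAttrs)`, removes the duplication and guarantees the attributes cannot diverge between sites. Evaluating `window.location.protocol` once at module load is equivalent, since the protocol cannot change without a navigation. `setType`'s closing brace lies outside the hunk.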
@@ -573,7 +583,9 @@ export default class Editor { const setTheme = theme => { this.editor.setOption('theme', theme) Cookies.set('theme', theme, { - expires: 365 + expires: 365, + sameSite: 'Lax', + secure: window.location.protocol === 'https:' }) this.statusIndicators.find('.status-theme li').removeClass('active') this.statusIndicators.find(`.status-theme li[value="${theme}"]`).addClass('active') @@ -675,7 +687,9 @@ export default class Editor { spellcheckToggle.removeClass('active') Cookies.set('spellcheck', false, { - expires: 365 + expires: 365, + sameSite: 'Lax', + secure: window.location.protocol === 'https:' }) self.editor.setOption('mode', defaultEditorMode) @@ -683,7 +697,9 @@ export default class Editor { spellcheckToggle.addClass('active') Cookies.set('spellcheck', lang, { - expires: 365 + expires: 365, + sameSite: 'Lax', + secure: window.location.protocol === 'https:' }) self.editor.setOption('mode', 'spell-checker') @@ -704,7 +720,9 @@ export default class Editor { this.editor.setOption('gutters', [lintGutter, ...gutters]) } Cookies.set('linter', true, { - expires: 365 + expires: 365, + sameSite: 'Lax', + secure: window.location.protocol === 'https:' }) } else { this.editor.setOption('gutters', gutters.filter(g => g !== lintGutter)) @@ -753,7 +771,9 @@ export default class Editor { ) if (overrideBrowserKeymap.is(':checked')) { Cookies.set('preferences-override-browser-keymap', true, { - expires: 365 + expires: 365, + sameSite: 'Lax', + secure: window.location.protocol === 'https:' }) this.restoreOverrideEditorKeymap() } else { diff --git a/public/js/locale.js b/public/js/locale.js index 71c0f99fb5..110b427b1d 100644 --- a/public/js/locale.js +++ b/public/js/locale.js 
@@ -25,7 +25,9 @@ $('select.ui-locale option[value="' + lang + '"]').attr('selected', 'selected') locale.change(function () { Cookies.set('locale', $(this).val(), { - expires: 365 + expires: 365, + sameSite: 'Lax', + secure: window.location.protocol === 'https:' }) window.location.reload() })