mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
fix(fastapi): limit cookie migration to whitelisted keys
Whitelisted keys: AURSID, AURTZ, AURLANG Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris
parent
65be8b8e07
commit
d7ac95a707
1 changed files with 4 additions and 1 deletions
|
|
@ -104,8 +104,11 @@ def valid_ssh_pubkey(pk):
|
||||||
|
|
||||||
|
|
||||||
def migrate_cookies(request, response):
|
def migrate_cookies(request, response):
|
||||||
|
whitelist = {"AURSID", "AURTZ", "AURLANG"}
|
||||||
|
|
||||||
secure_cookies = aurweb.config.getboolean("options", "disable_http_login")
|
secure_cookies = aurweb.config.getboolean("options", "disable_http_login")
|
||||||
for k, v in request.cookies.items():
|
for k, v in request.cookies.items():
|
||||||
|
if k in whitelist:
|
||||||
response.set_cookie(k, v, secure=secure_cookies, httponly=True)
|
response.set_cookie(k, v, secure=secure_cookies, httponly=True)
|
||||||
return add_samesite_fields(response, "strict")
|
return add_samesite_fields(response, "strict")
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue