Fixes issue #21
+2
-2
Diff
round #0
+2
-2
packages/cli/src/components/sequoia-subscribe.js
+2
-2
packages/cli/src/components/sequoia-subscribe.js
···
161
161
const expires = new Date(
162
162
Date.now() + 365 * 24 * 60 * 60 * 1000,
163
163
).toUTCString();
164
-
document.cookie = `sequoia_did=${encodeURIComponent(did)}; expires=${expires}; path=/; SameSite=Lax`;
164
+
document.cookie = `sequoia_did=${encodeURIComponent(did)}; Expires=${expires}; Path=/; SameSite=Lax; Secure`;
165
165
} catch {
166
166
// Cookie write may fail in some embedded contexts
167
167
}
···
201
201
function clearSubscriberDid() {
202
202
try {
203
203
document.cookie =
204
-
"sequoia_did=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; SameSite=Lax";
204
+
"sequoia_did=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/; SameSite=Lax; Secure";
205
205
} catch {
206
206
// ignore
207
207
}
History
1 round
3 comments
heaths.dev
submitted
#0
1 commit
expand
collapse
Make sequoia-subscribe cookie Secure
Fixes issue #21
1/1 success
expand
collapse
expand 3 comments
Also tested it against my test site using a reverse-proxied addresses globally accessible.
Excellent!! Thank you for this ๐๐ป
pull request successfully merged
To note, it works without this, but this would be safer. Just didn't think about it before. Should still work with localhost per MDN.