We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
immich
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

chore(server): cookie changes to SameSite=Lax (#1467)

* fix(server/cookie): cookie should have SameSite=Lax.

* Forgot to update tests.
Skyler Mäntysaari 2 years ago
parent
6b5d6e4091
commit
fb408d7aa3
2 changed files with 10 additions and 10 deletions
Split View Show Diff Stats
  1. 4 4
      server/libs/domain/src/auth/auth.core.ts
  2. 6 6
      server/libs/domain/test/fixtures.ts

+ 4 - 4
server/libs/domain/src/auth/auth.core.ts
View File 

@@ -37,11 +37,11 @@ export class AuthCore {
 
     let accessTokenCookie = '';
 
 
     if (isSecure) {
 
-      accessTokenCookie = `${IMMICH_ACCESS_COOKIE}=${loginResponse.accessToken}; HttpOnly; Secure; Path=/; Max-Age=${maxAge}; SameSite=Strict;`;
 
-      authTypeCookie = `${IMMICH_AUTH_TYPE_COOKIE}=${authType}; HttpOnly; Secure; Path=/; Max-Age=${maxAge}; SameSite=Strict;`;
 
+      accessTokenCookie = `${IMMICH_ACCESS_COOKIE}=${loginResponse.accessToken}; HttpOnly; Secure; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
 
+      authTypeCookie = `${IMMICH_AUTH_TYPE_COOKIE}=${authType}; HttpOnly; Secure; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
 
     } else {
 
-      accessTokenCookie = `${IMMICH_ACCESS_COOKIE}=${loginResponse.accessToken}; HttpOnly; Path=/; Max-Age=${maxAge}; SameSite=Strict;`;
 
-      authTypeCookie = `${IMMICH_AUTH_TYPE_COOKIE}=${authType}; HttpOnly; Path=/; Max-Age=${maxAge}; SameSite=Strict;`;
 
+      accessTokenCookie = `${IMMICH_ACCESS_COOKIE}=${loginResponse.accessToken}; HttpOnly; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
 
+      authTypeCookie = `${IMMICH_AUTH_TYPE_COOKIE}=${authType}; HttpOnly; Path=/; Max-Age=${maxAge}; SameSite=Lax;`;
 
     }
 
     return [accessTokenCookie, authTypeCookie];
 
   }

+ 6 - 6
server/libs/domain/test/fixtures.ts
View File 

@@ -233,8 +233,8 @@ export const loginResponseStub = {
 
       shouldChangePassword: false,
 
     },
 
     cookie: [
 
-      'immich_access_token=cmFuZG9tLWJ5dGVz; HttpOnly; Secure; Path=/; Max-Age=604800; SameSite=Strict;',
 
-      'immich_auth_type=oauth; HttpOnly; Secure; Path=/; Max-Age=604800; SameSite=Strict;',
 
+      'immich_access_token=cmFuZG9tLWJ5dGVz; HttpOnly; Secure; Path=/; Max-Age=604800; SameSite=Lax;',
 
+      'immich_auth_type=oauth; HttpOnly; Secure; Path=/; Max-Age=604800; SameSite=Lax;',
 
     ],
 
   },
 
   user1password: {
 
@@ -249,8 +249,8 @@ export const loginResponseStub = {
 
       shouldChangePassword: false,
 
     },
 
     cookie: [
 
-      'immich_access_token=cmFuZG9tLWJ5dGVz; HttpOnly; Secure; Path=/; Max-Age=604800; SameSite=Strict;',
 
-      'immich_auth_type=password; HttpOnly; Secure; Path=/; Max-Age=604800; SameSite=Strict;',
 
+      'immich_access_token=cmFuZG9tLWJ5dGVz; HttpOnly; Secure; Path=/; Max-Age=604800; SameSite=Lax;',
 
+      'immich_auth_type=password; HttpOnly; Secure; Path=/; Max-Age=604800; SameSite=Lax;',
 
     ],
 
   },
 
   user1insecure: {
 
@@ -265,8 +265,8 @@ export const loginResponseStub = {
 
       shouldChangePassword: false,
 
     },
 
     cookie: [
 
-      'immich_access_token=cmFuZG9tLWJ5dGVz; HttpOnly; Path=/; Max-Age=604800; SameSite=Strict;',
 
-      'immich_auth_type=password; HttpOnly; Path=/; Max-Age=604800; SameSite=Strict;',
 
+      'immich_access_token=cmFuZG9tLWJ5dGVz; HttpOnly; Path=/; Max-Age=604800; SameSite=Lax;',
 
+      'immich_auth_type=password; HttpOnly; Path=/; Max-Age=604800; SameSite=Lax;',
 
     ],
 
   },
 
 };

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5