diff --git a/app/login.py b/app/login.py
index 75bd0a50..d931e84f 100644
--- a/app/login.py
+++ b/app/login.py
@@ -39,9 +39,13 @@ def send_cookie(login):
 c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
 c["uuid"] = user_uuid
 c["uuid"]["path"] = "/"
+ # c["uuid"]["sameSite"] = "Strict"
+ c["uuid"]["Secure"] = "True"
 c["uuid"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")
 c["group"] = user_groups
 c["group"]["path"] = "/"
+ # c["group"]["sameSite"] = "Strict"
+ c["group"]["Secure"] = "True"
 c["group"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")
 print(c)
@@ -59,6 +63,8 @@ def ban():
 expires = datetime.datetime.utcnow() + datetime.timedelta(seconds=10)
 c["ban"] = 1
 c["ban"]["path"] = "/"
+ # c["ban"]["sameSite"] = "Strict"
+ c["ban"]["Secure"] = "True"
 c["ban"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")
 try:
 funct.logging('locahost', login+' failed log in', haproxywi=1, login=1)
diff --git a/inc/script.js b/inc/script.js
index b1544b8b..1265f91a 100644
--- a/inc/script.js
+++ b/inc/script.js
@@ -904,7 +904,7 @@ function createHistroy() {
 }
 catch {
 var get_history_array = ['login.py', 'login.py','login.py'];
- Cookies.set('history', JSON.stringify(get_history_array), { expires: 1, path: '/app' });
+ Cookies.set('history', JSON.stringify(get_history_array), { expires: 1, path: '/app', sameSite: 'Strict', Secure: 'True' });
 }
 }
 function listHistroy() {
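Review bot: The `sameSite` lines in send_cookie are left commented out, so the server-set `uuid` and `group` cookies still go out without SameSite while the script-set cookies in inc/script.js get `sameSite: 'Strict'`; the same commented line appears in the ban() hunk. If it is disabled because the deployed Python predates 3.8 (where `http.cookies` gained the attribute), record that in the comment; otherwise enable it as `c["uuid"]["samesite"] = "Strict"`. The `uuid` cookie, which looks like the session identifier, also carries no HttpOnly flag, so any script running on the page can read it; unless client code needs the value, add `c["uuid"]["httponly"] = True`. `Secure` is a flag attribute, so `c["uuid"]["secure"] = True` states the intent more plainly than the string `"True"`. send_cookie starts above the hunk.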
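Review bot: The `ban` cookie in ban() remains a marker held by the client, so the added `Secure` flag changes how it travels but not that a client which does not return the cookie sees no lockout. This assumes login.py enforces the 10-second ban by reading the cookie back, which is not visible in this hunk. A failed-login throttle needs server-side state keyed on the account or source address, with the cookie kept at most as a UI hint; a comment on `c["ban"] = 1` saying which of the two it is would help the next reader. ban() starts above the hunk and its `try:` block continues below it.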
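Review bot: `Secure: 'True'` in the `Cookies.set` options passes a string where js-cookie's documented attribute is the boolean `secure: true`. As far as I can tell the library then writes `Secure=True` rather than a bare `Secure`; browsers generally ignore the value, but the string form reads as if `'False'` would switch the flag off, which it would not. I would write `{ expires: 1, path: '/app', sameSite: 'Strict', secure: true }` here and use `secure: true` in both `Cookies.set` calls of the listHistroy/changeCurrentGroupF hunk as well. With the flag set, these cookies will not be stored when the UI is served over plain HTTP, which deserves a line in the commit message or docs. createHistroy starts above the hunk.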
@@ -941,13 +941,13 @@ function listHistroy() {
 });
 });
 }
- Cookies.set('history', JSON.stringify(browse_history), { expires: 1, path: '/app' });
+ Cookies.set('history', JSON.stringify(browse_history), { expires: 1, path: '/app', sameSite: 'Strict', Secure: 'True' });
 }
 createHistroy()
 listHistroy()
 function changeCurrentGroupF(){
 Cookies.remove('group');
- Cookies.set('group', $('#newCurrentGroup').val(), { path: '/app' });
+ Cookies.set('group', $('#newCurrentGroup').val(), { path: '/app', sameSite: 'Strict', Secure: 'True' });
 location.reload();
-}
\ No newline at end of file
+}
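Review bot: The `group` cookie written in changeCurrentGroupF takes its value straight from `$('#newCurrentGroup').val()`, and `sameSite`/`Secure` protect how the cookie travels, not what it contains. If the server uses this cookie to decide which group's data the user may act on (not visible here), it has to check the value against the user's actual memberships on every request. A comment above the call, e.g. `// group is a UI selection only; membership is re-checked server-side`, would make that contract explicit.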