Browse Source

Merge pull request #9884 from Piccirello/webui-cookie-samesite

Add SameSite attribute to WebUI session cookie
adaptive-webui-19844
Mike Tzou 6 years ago committed by GitHub
parent
commit
70707a2664
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 5
      src/webui/webapplication.cpp

5
src/webui/webapplication.cpp

@ -657,7 +657,10 @@ void WebApplication::sessionStart() @@ -657,7 +657,10 @@ void WebApplication::sessionStart()
QNetworkCookie cookie(C_SID, m_currentSession->id().toUtf8());
cookie.setHttpOnly(true);
cookie.setPath(QLatin1String("/"));
header(Http::HEADER_SET_COOKIE, cookie.toRawForm());
QByteArray cookieRawForm = cookie.toRawForm();
if (m_isCSRFProtectionEnabled)
cookieRawForm.append("; SameSite=Strict");
header(Http::HEADER_SET_COOKIE, cookieRawForm);
}
void WebApplication::sessionEnd()

Loading…
Cancel
Save