d4708
/
qBittorrent
mirror of https://github.com/d47081/qBittorrent.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add SameSite attribute to WebUI session cookie 

This attribute prevents the cookie from being submitted on any cross-site request, strongly limiting CSRF.

Closes #9877.
adaptive-webui-19844
Thomas Piccirello 6 years ago
parent
a57a026f4c
commit
cd47380b85
1 changed files with 4 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      src/webui/webapplication.cpp

5
src/webui/webapplication.cpp
Unescape View File

@ -656,7 +656,10 @@ void WebApplication::sessionStart() @@ -656,7 +656,10 @@ void WebApplication::sessionStart()
QNetworkCookie cookie(C_SID, m_currentSession->id().toUtf8());
cookie.setHttpOnly(true);
cookie.setPath(QLatin1String("/"));
header(Http::HEADER_SET_COOKIE, cookie.toRawForm());
QByteArray cookieRawForm = cookie.toRawForm();
if (m_isCSRFProtectionEnabled)
cookieRawForm.append("; SameSite=Strict");
header(Http::HEADER_SET_COOKIE, cookieRawForm);
}
void WebApplication::sessionEnd()

Write Preview
Loading…
Cancel
Save