merge: make cookie a bit more secure - fixes #445 (!468)

View MR for information: !468 Closes #445 Approved-by: Luna <her@mint.lgbt> Approved-by: Amelia Yukii <amelia.yukii@shourai.de>

merge: make cookie a bit more secure - fixes #445 (!468)
View MR for information: !468 Closes #445 Approved-by: Luna <her@mint.lgbt> Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
94aed953 · dakkar · aa7035a3 · 6826e43a · 94aed953
Commit 94aed953 authored 1 year ago by dakkar
--- a/packages/frontend/src/account.ts
+++ b/packages/frontend/src/account.ts
@@ -43,6 +43,7 @@ export async function signout() {
 	waiting();
 	miLocalStorage.removeItem('account');
 	await removeAccount($i.id);
+	document.cookie = `token=; path=/; max-age=0${ location.protocol === 'https:' ? '; Secure' : ''}`;
 	const accounts = await getAccounts();

 	//#region Remove service worker registration
@@ -200,7 +201,7 @@ export async function login(token: Account['token'], redirect?: string) {
 			throw reason;
 		});
 	miLocalStorage.setItem('account', JSON.stringify(me));
-	document.cookie = `token=${token}; path=/; max-age=31536000`; // bull dashboardの認証とかで使う
+	document.cookie = `token=${token}; path=/; max-age=31536000${ location.protocol === 'https:' ? '; Secure' : ''}`; // bull dashboardの認証とかで使う
 	await addAccount(me.id, token);

 	if (redirect) {