Set-Cookie use __Host-

2024-06-03 09:10:51 +08:00
parent fd88b83b9a
commit 531db88da7
2 changed files with 6 additions and 3 deletions


@@ -92,9 +92,10 @@ export async function handler(req: Request, ctx: FreshContext) {
if (ot.expired.getTime() - 2505600000 < now) {
try {
const t = m.db.update_token(ot.token, now);
const host = t.secure ? "__Host-" : "";
headers.append(
"Set-Cookie",
`token=${t.token}; Expires=${t.expired.toUTCString()}${
`${host}token=${t.token}; Expires=${t.expired.toUTCString()}${
t.http_only ? "; HttpOnly" : ""
}${
t.secure
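Review bot: The `__Host-` prefix added to the cookie name is only accepted by browsers when the same header also carries `Secure`, `Path=/` and no `Domain` attribute, and the visible part of the template stops at `t.secure`, so the path and domain handling cannot be confirmed from this hunk. If `Path=/` is not appended further down, the refreshed cookie would be rejected for secure tokens and the renewed session would not be stored. A comment above `const host` would record the constraint: `// __Host- needs Secure, Path=/ and no Domain, or the browser drops the cookie`. The code that reads the cookie is not in this hunk; it presumably has to accept `__Host-token` as well as `token`. The handler body continues outside the hunk.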


@@ -65,7 +65,8 @@ export const handler: Handlers = {
m.db.delete_token(t);
const headers: HeadersInit = {};
if (is_from_auth && is_from_cookie) {
headers["Set-Cookie"] = `token=${token.token}; Max-Age=0${
const host = token.secure ? "__Host-" : "";
headers["Set-Cookie"] = `${host}token=${token.token}; Max-Age=0${
token.http_only ? "; HttpOnly" : ""
}${
token.secure
@@ -152,8 +153,9 @@ export const handler: Handlers = {
);
const headers: HeadersInit = {};
if (set_cookie) {
const host = token.secure ? "__Host-" : "";
headers["Set-Cookie"] =
`token=${token.token}; Expires=${token.expired.toUTCString()}${
`${host}token=${token.token}; Expires=${token.expired.toUTCString()}${
http_only ? "; HttpOnly" : ""
}${
secure
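Review bot: In the last hunk the prefix is chosen from `token.secure` while the `Secure` attribute below it is chosen from the local `secure`, so if the two ever differ the header carries `__Host-` without `Secure` and the browser rejects it; `const host = secure ? "__Host-" : "";` keeps the name and the attribute tied to one value. In the logout hunk the `Max-Age=0` header now names only the prefixed cookie, so a browser still holding the older unprefixed `token` cookie keeps it after logout. The token is removed server-side by `m.db.delete_token(t)`, so this looks like a stale cookie rather than a live session, but a second expiring header for `token` would clean it up. Both handlers continue outside the hunks shown.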