diff options
| author | Jo-Philipp Wich <jo@mein.io> | 2020-01-29 09:07:51 +0100 |
|---|---|---|
| committer | Jo-Philipp Wich <jo@mein.io> | 2020-01-29 09:07:51 +0100 |
| commit | 885c97da535c0c77d79e53391de5c37f2704e01a (patch) | |
| tree | b042f34b2639f36e8337f82212f9bc6d49ca4d20 | |
| parent | b8f65c340c42acda920298af4318784a79a0965c (diff) | |
luci-base: add another magic security attribute to the sysauth cookie
Fixes: #3585
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
| -rw-r--r-- | modules/luci-base/luasrc/dispatcher.lua | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua index 48e125e4a..32d34da01 100644 --- a/modules/luci-base/luasrc/dispatcher.lua +++ b/modules/luci-base/luasrc/dispatcher.lua @@ -806,7 +806,7 @@ function dispatch(request) return tpl.render("sysauth", { duser = "root", fuser = user }) end - http.header("Set-Cookie", 'sysauth=%s; path=%s; HttpOnly%s' %{ + http.header("Set-Cookie", 'sysauth=%s; path=%s; SameSite=Strict; HttpOnly%s' %{ sid, build_url(), http.getenv("HTTPS") == "on" and "; secure" or "" }) |