polynux
/
tarteauxmyrtilles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #497 from Baltazardoung/cookie-information-disclosure 

Cookie secure - Information Disclosure
This commit is contained in:
Amauri CHAMPEAUX 2020-10-05 13:47:45 +02:00 committed by GitHub
parent 70134c5491 cb9542968e
commit cbf1394ce2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tarteaucitron.js
View File

@ -1227,10 +1227,11 @@ var tarteaucitron = {
regex = new RegExp("!" + key + "=(wait|true|false)", "g"), regex = new RegExp("!" + key + "=(wait|true|false)", "g"),
cookie = tarteaucitron.cookie.read().replace(regex, ""), cookie = tarteaucitron.cookie.read().replace(regex, ""),
value = tarteaucitron.parameters.cookieName + '=' + cookie + '!' + key + '=' + status, value = tarteaucitron.parameters.cookieName + '=' + cookie + '!' + key + '=' + status,
domain = (tarteaucitron.parameters.cookieDomain !== undefined && tarteaucitron.parameters.cookieDomain !== '') ? 'domain=' + tarteaucitron.parameters.cookieDomain + ';' : ''; domain = (tarteaucitron.parameters.cookieDomain !== undefined && tarteaucitron.parameters.cookieDomain !== '') ? '; domain=' + tarteaucitron.parameters.cookieDomain : '';
secure = location.protocol === 'https:' ? '; Secure' : '';
d.setTime(expireTime); d.setTime(expireTime);
document.cookie = value + '; expires=' + d.toGMTString() + '; path=/;' + domain; document.cookie = value + '; expires=' + d.toGMTString() + '; path=/' + domain + secure + '; samesite=lax';
}, },
"read": function () { "read": function () {
"use strict"; "use strict";