From ad941faddead705cd611921730054767a0b32dcd Mon Sep 17 00:00:00 2001
From: Takashi Natsume <natsume.takashi@lab.ntt.co.jp>
Date: Mon, 28 Oct 2013 12:02:30 +0000
Subject: [PATCH] Adds support for secure attribute on token cookie
This patch adds support for the secure attribute on token
cookies (sent by nova-novncproxy). If the https is used
to transfer the cookie, the secure attribute is set thus
restricting server requestes to secure conections only.
This should prevent man-in-the-middle attacks.
---
include/webutil.js | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/include/webutil.js b/include/webutil.js
index ebf8e89..5ceccbe 100644
--- a/include/webutil.js
+++ b/include/webutil.js
@@ -94,16 +95,20 @@ WebUtil.getQueryVar = function(name, defVal) {
// No days means only for this browser session
WebUtil.createCookie = function(name,value,days) {
- var date, expires;
+ var date, expires, secure;
if (days) {
date = new Date();
date.setTime(date.getTime()+(days*24*60*60*1000));
expires = "; expires="+date.toGMTString();
- }
- else {
+ } else {
expires = "";
}
- document.cookie = name+"="+value+expires+"; path=/";
+ if (document.location.protocol === "https:") {
+ secure = "; secure";
+ } else {
+ secure = "";
+ }
+ document.cookie = name+"="+value+expires+"; path=/"+secure;
};
WebUtil.readCookie = function(name, defaultValue) {
distrib
>
Mageia
>
5
>
i586
>
media
>
core-release-src
>
by-pkgid
>
310ed55c8787d17417648c4d462c956c
>
files
>
4
