squidy/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent.git synced 2026-01-01 05:08:05 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add SameSite attribute to WebUI session cookie

Browse Source 
This attribute prevents the cookie from being submitted on any cross-site request, strongly limiting CSRF.

Closes #9877.
This commit is contained in:
Thomas Piccirello
2018-11-20 02:56:30 -05:00
committed by sledgehammer999
parent 44d4d41365
commit 9cc112aa4e
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/webui/webapplication.cpp
View File

@@ -657,7 +657,10 @@ void WebApplication::sessionStart()
QNetworkCookie cookie(C_SID, m_currentSession->id().toUtf8());
cookie.setHttpOnly(true);
cookie.setPath(QLatin1String("/"));
header(Http::HEADER_SET_COOKIE, cookie.toRawForm());
QByteArray cookieRawForm = cookie.toRawForm();
if (m_isCSRFProtectionEnabled)
cookieRawForm.append("; SameSite=Strict");
header(Http::HEADER_SET_COOKIE, cookieRawForm);
}
void WebApplication::sessionEnd()