squidy/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent.git synced 2025-12-18 06:28:03 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add SameSite attribute to WebUI session cookie

Browse Source 
This attribute prevents the cookie from being submitted on any cross-site request, strongly limiting CSRF.

Closes #9877.
This commit is contained in:
Thomas Piccirello
2018-11-20 02:56:30 -05:00
parent a57a026f4c
commit cd47380b85
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/webui/webapplication.cpp
View File

@@ -656,7 +656,10 @@ void WebApplication::sessionStart()
QNetworkCookie cookie(C_SID, m_currentSession->id().toUtf8()); QNetworkCookie cookie(C_SID, m_currentSession->id().toUtf8());
cookie.setHttpOnly(true); cookie.setHttpOnly(true);
cookie.setPath(QLatin1String("/")); cookie.setPath(QLatin1String("/"));
header(Http::HEADER_SET_COOKIE, cookie.toRawForm()); QByteArray cookieRawForm = cookie.toRawForm();
if (m_isCSRFProtectionEnabled)
cookieRawForm.append("; SameSite=Strict");
header(Http::HEADER_SET_COOKIE, cookieRawForm);
} }
void WebApplication::sessionEnd() void WebApplication::sessionEnd()