Resolve #537

the-djmaze · Feb 22, 2023 · c83cf64 · c83cf64
1 parent bb77d0a
commit c83cf64
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 5 deletions.
diff --git a/dev/Storage/Client.js b/dev/Storage/Client.js
@@ -27,8 +27,8 @@ try {
 		setItem: (key, value) => {
 			data[key] = ''+value; // forces the value to a string
 			document.cookie = sName+'='+encodeURIComponent(JSON.stringify(data))
-				+"; expires="+((new Date(Date.now()+(365*24*60*60*1000))).toGMTString())
-				+"; path=/; samesite=strict";
+				+";expires="+((new Date(Date.now()+(365*24*60*60*1000))).toGMTString())
+				+";path=/;samesite=strict";
 		}
 	};
 }

diff --git a/dev/boot.js b/dev/boot.js
@@ -37,8 +37,6 @@ try {
 		smctoken = encodeURIComponent(btoa(String.fromCharCode(...data)));
 	}
 	localStorage.setItem('smctoken', smctoken);
-//	doc.cookie = `smctoken=${smctoken};path=${doc.location.pathname};samesite=strict;secure";
-//	doc.cookie = 'smctoken='+smctoken+";path=/;samesite=lax";
 	doc.cookie = 'smctoken='+smctoken+";path=/;samesite=strict";
 } catch (e) {
 	console.error(e);

diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/Service.php b/snappymail/v/0.0.0/app/libraries/RainLoop/Service.php
@@ -180,8 +180,14 @@ private static function RunResult() : bool
 			if ($sResult) {
 				$sResult .= '<!--cached-->';
 			} else {
+				$SameSite = \strtolower($oConfig->Get('security', 'cookie_samesite', 'Strict'));
+				$Secure = (isset($_SERVER['HTTPS']) || 'none' == $SameSite) ? ';secure' : '';
 				$aTemplateParameters['{{BaseAppBootCss}}'] = \file_get_contents(APP_VERSION_ROOT_PATH.'static/css/boot'.$sAppCssMin.'.css');
-				$aTemplateParameters['{{BaseAppBootScript}}'] = \file_get_contents(APP_VERSION_ROOT_PATH.'static/js'.($sAppJsMin ? '/min' : '').'/boot'.$sAppJsMin.'.js');
+				$aTemplateParameters['{{BaseAppBootScript}}'] = \str_replace(
+					'samesite=strict',
+					"samesite={$SameSite}{$Secure}",
+					\file_get_contents(APP_VERSION_ROOT_PATH.'static/js'.($sAppJsMin ? '/min' : '').'/boot'.$sAppJsMin.'.js')
+				);
 				$aTemplateParameters['{{BaseAppMainCssLink}}'] = Utils::WebStaticPath('css/'.($bAdmin ? 'admin' : 'app').$sAppCssMin.'.css');
 				$aTemplateParameters['{{BaseAppThemeCss}}'] = \preg_replace('/\\s*([:;{},]+)\\s*/s', '$1', $oActions->compileCss($sThemeName, $bAdmin));
 				$aTemplateParameters['{{BaseLanguage}}'] = $oActions->compileLanguage($sLanguage, $bAdmin);