Skip to content
Snippets Groups Projects
Unverified Commit e84f8f55 authored by Dessalines's avatar Dessalines Committed by GitHub
Browse files

Remove httpOnly requirement. (#4212)

parent 86990d51
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 2 deletions
crates/api/src/lib.rs
+ 1
2
View file @ e84f8f55
......@@ -84,10 +84,9 @@ pub fn read_auth_token(req: &HttpRequest) -> Result<Option<String>, LemmyError>
else if let Some(cookie) = &req.cookie(AUTH_COOKIE_NAME) {
// ensure that its marked as httponly and secure
let secure = cookie.secure().unwrap_or_default();
let http_only = cookie.http_only().unwrap_or_default();
let is_debug_mode = cfg!(debug_assertions);
if !is_debug_mode && (!secure || !http_only) {
if !is_debug_mode && !secure {
Err(LemmyError::from(LemmyErrorType::AuthCookieInsecure))
} else {
Ok(Some(cookie.value().to_string()))
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment