Improve cookie security

2019-08-15 18:25:47 +02:00 · 2019-08-15 18:25:47 +02:00 · 11887b793a
parent 7dfbc16f4c
commit 11887b793a
3 changed files with 4 additions and 4 deletions
--- a/nitter.nimble
+++ b/nitter.nimble
@ -11,8 +11,8 @@ bin           = @["nitter"]
 # Dependencies

 requires "nim >= 0.19.9"
-requires "norm >= 1.0.11"
-requires "jester >= 0.4.1"
+requires "norm <= 1.0.11"
+requires "jester >= 0.4.3"
 requires "regex >= 0.11.2"
 requires "q >= 0.0.7"
 requires "nimcrypto >= 0.3.9"
--- a/src/nitter.nim
+++ b/src/nitter.nim
@ -92,7 +92,7 @@ routes:
  post "/saveprefs":
    var prefs = getCookiePrefs(request)
    genUpdatePrefs()
-    setCookie("preferences", $prefs.id, daysForward(360))
+    setCookie("preferences", $prefs.id, daysForward(360), httpOnly=true, secure=true)
    redirect("/settings")

  get "/settings":
--- a/src/prefs.nim
+++ b/src/prefs.nim
@ -46,7 +46,7 @@ const prefList*: Table[string, seq[Pref]] = {

  "Display": @[
    Pref(kind: checkbox, name: "hideTweetStats",
-         label: "Hide tweet stats (replies, retweets, likes",
+         label: "Hide tweet stats (replies, retweets, likes)",
         defaultState: false),

    Pref(kind: checkbox, name: "hideBanner", label: "Hide profile banner",