WSA cookie security
cziter15 committed Jun 15, 2024
1 parent e2ad1bd commit 9a3f862
Showing 1 changed file with 6 additions and 1 deletion.
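--- a/src/ksf/comp/ksDevicePortal.cpp
+++ b/src/ksf/comp/ksDevicePortal.cpp
@@ -554,7 +554,12 @@ namespace ksf::comps
 return;
 
 if (webSocket)
-webServer->sendHeader(PSTR("Set-Cookie"), PSTR("WSA=") + String(webSocket->getRequiredAuthToken()));
+{
+String cookie{PSTR("WSA=")};
+cookie += webSocket->getRequiredAuthToken();
+cookie += PSTR("; Path=/; HttpOnly; SameSite=Strict");
+webServer->sendHeader(PSTR("Set-Cookie") , cookie);
+}
 
 const auto& fileMD5{FPSTR(DEVICE_FRONTEND_HTML_MD5)};
 if (webServer->header(PROGMEM_IF_NONE_MATCH) == fileMD5)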
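Review bot: The `Set-Cookie` value built in the new `if (webSocket)` block carries `HttpOnly` and `SameSite=Strict` but no `Secure`, so if the portal is reachable over plain HTTP (not visible in this hunk) the WSA token still crosses the network in clear text on every request. If TLS is not available on the device, say so next to the attribute string, e.g. `// Secure is omitted on purpose: the portal is served over HTTP only; HttpOnly/SameSite limit script and cross-site access, not sniffing.` Because `HttpOnly` hides the cookie from `document.cookie`, it is also worth confirming that the WebSocket handshake authenticates from the `Cookie` header rather than from a value the front-end script reads. The enclosing function starts and ends outside the hunk.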
