toolkit/utils: set SameSite attr of auth cookie to 'strict'

[proxmox-widget-toolkit.git] / src / Utils.js

diff --git a/src/Utils.js b/src/Utils.js
index 6daba97a098e70d53f2f966259af407fc2d6e634..45812158d78b2331e325714c63c380851fd46b56 100644 (file)
--- a/src/Utils.js
+++ b/src/Utils.js
@@ -308,7 +308,7 @@ utilities: {
        // that way the cookie gets deleted after the browser window is closed
        if (data.ticket) {
            Proxmox.CSRFPreventionToken = data.CSRFPreventionToken;
-           Ext.util.Cookies.set(Proxmox.Setup.auth_cookie_name, data.ticket, null, '/', null, true);
+           Ext.util.Cookies.set(Proxmox.Setup.auth_cookie_name, data.ticket, null, '/', null, true, "strict");
        }
 
        if (data.token) {
@@ -334,7 +334,7 @@ utilities: {
            return;
        }
        // ExtJS clear is basically the same, but browser may complain if any cookie isn't "secure"
-       Ext.util.Cookies.set(Proxmox.Setup.auth_cookie_name, "", new Date(0), null, null, true);
+       Ext.util.Cookies.set(Proxmox.Setup.auth_cookie_name, "", new Date(0), null, null, true, "strict");
        window.localStorage.removeItem("ProxmoxUser");
     },