author | Yorhel <git@yorhel.nl> | 2020-03-20 15:39:28 +0100 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2020-03-20 15:39:30 +0100 |
commit | 07c05bac4f89373ce61760f63c6bce8934e70d7d (patch) | |
tree | 0c3dc628b7080281c08804ef90c3f9e874468187 /util | |
parent | 510a4bec60b2dfd6f81b295aed241dfeff2b4f6a (diff) |
Minor refactor: Move "samesite" cookie handling to vndb.pl
As it's now being used from two distinct places.
Diffstat (limited to 'util')
-rwxr-xr-x | util/vndb.pl | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/util/vndb.pl b/util/vndb.pl index 0741bfaf..b7aedb27 100755 --- a/util/vndb.pl +++ b/util/vndb.pl @@ -50,6 +50,9 @@ sub TUWF::Object::imgpath { _path $ROOT, $_[1], $_[2] } # tuwf->imgurl($image_id, $thumb) sub TUWF::Object::imgurl { _path $_[0]{url_static}, $_[1], $_[2] } +# tuwf->samesite() - returns true if this request originated from the same site, i.e. not an external referer. +sub TUWF::Object::samesite { !!tuwf->reqCookie('samesite') } + TUWF::hook before => sub { # If we're running standalone, serve www/ and static/ too. @@ -60,6 +63,10 @@ TUWF::hook before => sub { } } + # Use a 'SameSite=Strict' cookie to determine whether this page was loaded from internal or external. + # Ought to be more reliable than checking the Referer header, but it's unfortunately a bit uglier. + tuwf->resCookie(samesite => 1, httponly => 1, samesite => 'Strict') if !tuwf->samesite; + # load some stats (used for about all pageviews, anyway) tuwf->{stats} = tuwf->dbStats; }; |
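Review bot: The comment above `TUWF::Object::samesite` promises more than the one-liner can establish, since the method only reports that a cookie named `samesite` came back with the request. A browser that ignores the SameSite attribute returns the cookie on cross-site requests as well, so the check fails open there, and "same site" in the cookie sense includes sibling subdomains rather than a single origin. The commit message says the helper now has two callers, neither visible in this diff, so I would state the limit in the comment, e.g. `# Advisory only: true when the SameSite=Strict marker cookie was sent back; not a substitute for a CSRF token or an origin check.` The method also reads the global `tuwf` where the neighbouring `imgurl` uses `$_[0]`; one convention for both would be easier to follow.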
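Review bot: In the added `resCookie` call the word `samesite` appears twice, once as the cookie name and once as the attribute, so the argument list reads like a hash with a duplicated key. Quoting the positional arguments shows the intent without changing what is sent: `tuwf->resCookie('samesite', 1, httponly => 1, samesite => 'Strict') if !tuwf->samesite;`. The marker is the constant `1` and no `secure` attribute is passed here, so unless a site-wide cookie default supplies one (not visible in this hunk) the cookie can also be set over plain HTTP. That is another reason to treat `samesite()` as a hint rather than a trust decision. The `before` hook body starts and ends outside the hunk.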