jcarr
/
noVNC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adds support for secure attribute on token cookie 

This patch adds support for the secure attribute on token
cookies (sent by nova-novncproxy). If the https is used
to transfer the cookie, the secure attribute is set thus
restricting server requestes to secure conections only.
This should prevent man-in-the-middle attacks.
This commit is contained in:
Takashi Natsume 2013-10-28 12:02:30 +00:00 committed by Edward Hope-Morley
parent 142aa4583c
commit ad941fadde
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
include/webutil.js
View File

@ -1,6 +1,7 @@
/* /*
* noVNC: HTML5 VNC client * noVNC: HTML5 VNC client
* Copyright (C) 2012 Joel Martin * Copyright (C) 2012 Joel Martin
* Copyright (C) 2013 NTT corp.
* Licensed under MPL 2.0 (see LICENSE.txt) * Licensed under MPL 2.0 (see LICENSE.txt)
* *
* See README.md for usage and integration instructions. * See README.md for usage and integration instructions.
@ -94,16 +95,20 @@ WebUtil.getQueryVar = function(name, defVal) {
// No days means only for this browser session // No days means only for this browser session
WebUtil.createCookie = function(name,value,days) { WebUtil.createCookie = function(name,value,days) {
var date, expires; var date, expires, secure;
if (days) { if (days) {
date = new Date(); date = new Date();
date.setTime(date.getTime()+(days*24*60*60*1000)); date.setTime(date.getTime()+(days*24*60*60*1000));
expires = "; expires="+date.toGMTString(); expires = "; expires="+date.toGMTString();
} } else {
else {
expires = ""; expires = "";
} }
document.cookie = name+"="+value+expires+"; path=/"; if (document.location.protocol === "https:") {
secure = "; secure";
} else {
secure = "";
}
document.cookie = name+"="+value+expires+"; path=/"+secure;
}; };
WebUtil.readCookie = function(name, defaultValue) { WebUtil.readCookie = function(name, defaultValue) {