Merge pull request #317 from dosaboy/bugs/add_secure_property_to_token_cookie

Adds 'secure' property to 'token' cookie
2013-10-29 07:19:23 -07:00 · 2013-10-29 07:19:23 -07:00 · f0d30a90f3
parent f901d9c9b8 ad941fadde
commit f0d30a90f3
1 changed files with 9 additions and 4 deletions
--- a/include/webutil.js
+++ b/include/webutil.js
@ -1,6 +1,7 @@
 /*
 * noVNC: HTML5 VNC client
 * Copyright (C) 2012 Joel Martin
+ * Copyright (C) 2013 NTT corp.
 * Licensed under MPL 2.0 (see LICENSE.txt)
 *
 * See README.md for usage and integration instructions.
@ -94,16 +95,20 @@ WebUtil.getQueryVar = function(name, defVal) {

 // No days means only for this browser session
 WebUtil.createCookie = function(name,value,days) {
-    var date, expires;
+    var date, expires, secure;
    if (days) {
        date = new Date();
        date.setTime(date.getTime()+(days*24*60*60*1000));
        expires = "; expires="+date.toGMTString();
-    }
-    else {
+    } else {
        expires = "";
    }
-    document.cookie = name+"="+value+expires+"; path=/";
+    if (document.location.protocol === "https:") {
+        secure = "; secure";
+    } else {
+        secure = "";
+    }
+    document.cookie = name+"="+value+expires+"; path=/"+secure;
 };

 WebUtil.readCookie = function(name, defaultValue) {