Hessenuk/DiscordTickets
Hessenuk/DiscordTickets
2
0
Fork 0
mirror of https://github.com/Hessenuk/DiscordTickets.git synced 2024-09-29 14:35:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix: infinite redirect when logging in

Browse Source 
by setting `Same-Site=Lax`: https://bugs.chromium.org/p/chromium/issues/detail?id=696204#c41
This commit is contained in:
Isaac 2023-03-13 17:04:42 +00:00
parent 6773d9ddbe
commit 757f77fb1d
No known key found for this signature in database
GPG Key ID: 0DE40AE37BBA5C33
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/routes/auth/callback.js
View File

@ -6,6 +6,8 @@ module.exports.get = () => ({
access_token: accessToken,
expires_in: expiresIn,
} = await this.discord.getAccessTokenFromAuthorizationCodeFlow(req);
const redirect = this.states.get(req.query.state) || '/';
this.states.delete(req.query.state);
const user = await (await fetch('https://discordapp.com/api/users/@me', { headers: { 'Authorization': `Bearer ${accessToken}` } })).json();
const token = this.jwt.sign({
accessToken,
@ -16,16 +18,14 @@ module.exports.get = () => ({
locale: user.locale,
username: user.username,
});
res
.setCookie('token', token, {
domain,
httpOnly: true,
maxAge: expiresIn,
path: '/',
sameSite: true,
secure: false,
})
.redirect(this.states.get(req.query.state) || '/');
this.states.delete(req.query.state);
res.setCookie('token', token, {
domain,
httpOnly: true,
maxAge: expiresIn,
path: '/',
sameSite: 'Lax',
secure: false,
});
return res.redirect(303, redirect);
},
});