Remove httpOnly requirement.

2024-05-17 09:22:38 +00:00 · 2023-11-29 09:28:13 -05:00 · 2023-11-29 09:28:13 -05:00 · 885affe660
parent 86990d5138
commit 885affe660
1 changed files with 1 additions and 2 deletions
--- a/crates/api/src/lib.rs
+++ b/crates/api/src/lib.rs
@ -84,10 +84,9 @@ pub fn read_auth_token(req: &HttpRequest) -> Result<Option<String>, LemmyError>
  else if let Some(cookie) = &req.cookie(AUTH_COOKIE_NAME) {
    // ensure that its marked as httponly and secure
    let secure = cookie.secure().unwrap_or_default();
-    let http_only = cookie.http_only().unwrap_or_default();
    let is_debug_mode = cfg!(debug_assertions);

-    if !is_debug_mode && (!secure || !http_only) {
+    if !is_debug_mode && !secure {
      Err(LemmyError::from(LemmyErrorType::AuthCookieInsecure))
    } else {
      Ok(Some(cookie.value().to_string()))