From 11887b793acb7c3dc3ee16a292d8e535d4ba201d Mon Sep 17 00:00:00 2001
From: Zed
Date: Thu, 15 Aug 2019 18:25:47 +0200
Subject: [PATCH] Improve cookie security
---
 nitter.nimble | 4 ++--
 src/nitter.nim | 2 +-
 src/prefs.nim | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/nitter.nimble b/nitter.nimble
index 039b7d0..3b984f6 100644
--- a/nitter.nimble
+++ b/nitter.nimble
@@ -11,8 +11,8 @@ bin = @["nitter"]
 # Dependencies
 requires "nim >= 0.19.9"
-requires "norm >= 1.0.11"
-requires "jester >= 0.4.1"
+requires "norm <= 1.0.11"
+requires "jester >= 0.4.3"
 requires "regex >= 0.11.2"
 requires "q >= 0.0.7"
 requires "nimcrypto >= 0.3.9"
diff --git a/src/nitter.nim b/src/nitter.nim
index 45198bf..269f560 100644
--- a/src/nitter.nim
+++ b/src/nitter.nim
@@ -92,7 +92,7 @@ routes:
 post "/saveprefs":
 var prefs = getCookiePrefs(request)
 genUpdatePrefs()
- setCookie("preferences", $prefs.id, daysForward(360))
+ setCookie("preferences", $prefs.id, daysForward(360), httpOnly=true, secure=true)
 redirect("/settings")
 get "/settings":
diff --git a/src/prefs.nim b/src/prefs.nim
index 4fb9ef7..8451fc8 100644
--- a/src/prefs.nim
+++ b/src/prefs.nim
@@ -46,7 +46,7 @@ const prefList*: Table[string, seq[Pref]] = {
 "Display": @[
 Pref(kind: checkbox, name: "hideTweetStats",
- label: "Hide tweet stats (replies, retweets, likes",
+ label: "Hide tweet stats (replies, retweets, likes)",
 defaultState: false),
 Pref(kind: checkbox, name: "hideBanner",
 label: "Hide profile banner",
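Review bot: The new constraint `requires "norm <= 1.0.11"` is an upper bound with no lower bound, so it accepts every older norm release as well as 1.0.11, and neither the hunk nor the commit message says why norm is being capped. If the intent is to hold norm at the last version known to work, an exact pin such as `requires "norm == 1.0.11"` states that and keeps older releases out of the resolution. A capped dependency also stops receiving upstream fixes, so a one-line comment above it, for example `# capped: newer norm breaks the prefs model, lift once ported` (wording to be adjusted to the actual reason), would tell the next maintainer when the cap can go.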
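Review bot: `secure=true` is hard-coded on the `setCookie` call in `post "/saveprefs"`, so on an instance reached over plain HTTP (local development, or a deployment without TLS in front) the browser will refuse the cookie and saved preferences will silently stop persisting. The flag would be safer driven from deployment configuration, e.g. `secure=useHttps`, where `useHttps` is a placeholder for a config value this hunk does not show. Separately, the cookie value is still `$prefs.id`: the new flags keep it away from page scripts and cleartext transport, but if that id is a guessable record key (not visible here) a client can simply present a different one, so an unguessable token is worth a follow-up. The enclosing `routes:` block starts and ends outside the hunk.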