UNPKG

smc-hub

Version:

CoCalc: Backend webserver component

github.com/sagemathinc/cocalc

sagemathinc/cocalc

35 lines (32 loc) 1.18 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
/* In the interest of security and "XSS", we strip the "remember_me" cookie from the header before passing anything along via the proxy. The reason this is important is that it's critical that the project (and nothing running in the project) can get access to a user's auth cookie. I.e., malicious code running in a project shouldn't be able to steal auth credentials for all users of a project! */ import { remember_me_cookie_name } from "../auth"; export default function stripRememberMeCookie(cookie): { cookie: string; remember_me: string | undefined; // the value of the cookie we just stripped out. } { if (cookie == null) { return { cookie, remember_me: undefined }; } else { const v : string[] = []; let remember_me: string | undefined = undefined; for (const c of cookie.split(";")) { const z = c.split("="); if (z[0].trim() == remember_me_cookie_name()) { // save it but do not include it in v, which will // be the new cookies values after going through // the proxy. remember_me = z[1].trim(); } else { v.push(c); } } return { cookie: v.join(";"), remember_me }; } }