[openstreetmap/openstreetmap-website] Use secure cookies only when HTTPS is expected (PR #6430)
Pablo Brasero
notifications at github.com
Mon Oct 6 16:14:42 UTC 2025
Two changes:
- DRY up the code handling JS cookies.
  - It's very repetitive as every single instance repeats the arguments `{ secure: true, path: "/", samesite: "lax" }`.
  - We can avoid this using `Cookies.withAttributes`, creating a preset that I have placed at `OSM.cookies`.
  - Argument `expires` left in place as it does change in each instance.
- Change `secure: true` to only apply when HTTPS is expected. That is, when `Settings.server_protocol == "https"`.
This change is extracted from https://github.com/openstreetmap/openstreetmap-website/pull/6424. Over there it was done so that system tests work with remote Selenium.
You can view, comment on, or merge this pull request online at:
https://github.com/openstreetmap/openstreetmap-website/pull/6430
-- Commit Summary --
* DRY up cookie handling
* Secure cookies only when HTTPS expected
-- File Changes --
M app/assets/javascripts/index.js (8)
M app/assets/javascripts/index/directions.js (6)
M app/assets/javascripts/index/new_note.js (4)
M app/assets/javascripts/language_selector.js (2)
M app/assets/javascripts/osm.js.erb (4)
-- Patch Links --
https://github.com/openstreetmap/openstreetmap-website/pull/6430.patch
https://github.com/openstreetmap/openstreetmap-website/pull/6430.diff
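An added example, not code from the pull request: it shows how a shared attribute preset with a protocol-dependent `secure` flag changes the cookie string, plus a check that an HTTPS deployment never emits a cookie without `secure`. `makePreset` and `auditCookie` are hypothetical helpers standing in for a js-cookie preset so the code runs in Node; the cookie name, value and expiry are constructed.

```javascript
// Added illustration, not code from the pull request. makePreset is a
// hypothetical stand-in for a js-cookie preset (Cookies.withAttributes) so the
// example runs in Node without a browser; names and values are constructed.

// Defaults named in the PR description; `secure` follows the configured protocol.
function cookieDefaults(serverProtocol) {
  return { secure: serverProtocol === "https", path: "/", samesite: "lax" };
}

// Merge per-call attributes (such as `expires`) over the shared defaults and
// return the string that would be assigned to document.cookie.
function makePreset(defaults) {
  return {
    serialize(name, value, perCall = {}) {
      const attrs = { ...defaults, ...perCall };
      let out = `${encodeURIComponent(name)}=${encodeURIComponent(value)}`;
      for (const [key, val] of Object.entries(attrs)) {
        if (val === false || val === undefined) continue; // unset flags are omitted
        if (val instanceof Date) out += `; ${key}=${val.toUTCString()}`;
        else out += val === true ? `; ${key}` : `; ${key}=${val}`;
      }
      return out;
    }
  };
}

// Deployment check: an HTTPS site must never emit a cookie without `secure`.
function auditCookie(cookieString, serverProtocol) {
  const flags = cookieString.split(";").slice(1).map((part) => part.trim().toLowerCase());
  const problems = [];
  if (serverProtocol === "https" && !flags.includes("secure")) problems.push("missing secure");
  if (!flags.some((f) => f.startsWith("samesite="))) problems.push("missing samesite");
  return problems;
}

const expiry = new Date(Date.UTC(2035, 0, 1)); // constructed expiry date
const httpsCookie = makePreset(cookieDefaults("https")).serialize("example_pref", "1", { expires: expiry });
const httpCookie = makePreset(cookieDefaults("http")).serialize("example_pref", "1", { expires: expiry });

console.log(httpsCookie);
console.log(httpCookie);
// A cookie built with the http defaults, audited against an https deployment.
console.log(auditCookie(httpCookie, "https"));
```

The last call models a production host whose protocol setting was left at `http`: the preset silently drops `secure`, which is the misconfiguration worth checking for at deploy time.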