Cookie poisoning cxone fix (#3991)
hardl authored Oct 15, 2024
1 parent cfbea09 commit dabd9f5
Showing 3 changed files with 7 additions and 11 deletions.
10 changes: 4 additions & 6 deletions client/src/lifecycleManager.js
Expand Up @@ -146,28 +146,26 @@ class LifecycleManager extends LuigiClientBase {
let tpc = 'enabled';
let cookies = document.cookie;
let luigiCookie;
let luigiCookieKey;
if (cookies) {
luigiCookie = cookies
.split(';')
.map(cookie => cookie.trim())
.find(cookie => cookie == 'luigiCookie=true');
.find(cookie => cookie === 'luigiCookie=true');
}
if (luigiCookie === 'luigiCookie=true') {
luigiCookieKey = luigiCookie.split('=')[0];
document.cookie = luigiCookieKey + '=; Max-Age=-99999999; SameSite=None; Secure';
document.cookie = 'luigiCookie=; Max-Age=-99999999; SameSite=None; Secure';
}
document.cookie = 'luigiCookie=true; SameSite=None; Secure';
cookies = document.cookie;
if (cookies) {
luigiCookie = cookies
.split(';')
.map(cookie => cookie.trim())
.find(cookie => cookie == 'luigiCookie=true');
.find(cookie => cookie === 'luigiCookie=true');
}
if (luigiCookie === 'luigiCookie=true') {
document.cookie = 'luigiCookie=; Max-Age=-99999999; SameSite=None; Secure';
window.parent.postMessage({ msg: 'luigi.third-party-cookie', tpc }, '*');
document.cookie = luigiCookieKey + '=; Max-Age=-99999999; SameSite=None; Secure';
} else {
tpc = 'disabled';
window.parent.postMessage({ msg: 'luigi.third-party-cookie', tpc }, '*');
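Review bot: The two cookie-clearing statements that use the literal `'luigiCookie=; Max-Age=-99999999; SameSite=None; Secure'` carry no comment saying why the name is hard-coded, so a later refactor could reintroduce a name derived from `document.cookie`; I would add `// Probe cookie name is a fixed literal on purpose: never build it from values read out of document.cookie.` above the first one. The split/trim/find lookup also appears twice in this hunk, and a local helper such as `const hasProbeCookie = () => document.cookie.split(';').some(c => c.trim() === 'luigiCookie=true');` would keep the two checks from drifting apart. Both `postMessage` calls pass `'*'` as the target origin, which is tolerable only while the payload stays limited to the `tpc` flag. The enclosing method begins and ends outside the hunk.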
Expand Up @@ -16,7 +16,7 @@ describe('Iframe Container Test', () => {
.get('iframe')
.then(() => {
cy.wrap(stub).should('have.been.calledWith', 'set-third-party-cookies-request');
cy.getCookie('luigiCookie').should('exist');
cy.getCookie('luigiCookie').should('not.exist');
});
});

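--- a/core/third-party-cookies/init.html
+++ b/core/third-party-cookies/init.html
@@ -2,16 +2,14 @@
 <script>
 let cookies = document.cookie;
 let luigiCookie;
-let luigiCookieKey;
 if (cookies) {
 luigiCookie = cookies
 .split(';')
 .map(cookie => cookie.trim())
 .find(cookie => cookie == 'luigiCookie=true');
 }
 if (luigiCookie === 'luigiCookie=true') {
-luigiCookieKey = luigiCookie.split('=')[0];
-document.cookie = luigiCookieKey + '=; Max-Age=-99999999; SameSite=None; Secure';
+document.cookie = 'luigiCookie=; Max-Age=-99999999; SameSite=None; Secure';
 }
 document.cookie = 'luigiCookie=true; SameSite=None; Secure';
 cookies = document.cookie;
@@ -23,7 +21,7 @@
 }
 if (luigiCookie === 'luigiCookie=true') {
 window.parent.postMessage('luigi.tpcEnabled', '*');
-document.cookie = luigiCookieKey + '=; Max-Age=-99999999; SameSite=None; Secure';
+document.cookie = 'luigiCookie=; Max-Age=-99999999; SameSite=None; Secure';
 } else {
 window.parent.postMessage('luigi.tpcDisabled', '*');
 console.warn('Third party cookies are not supported!');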
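Review bot: The lookup `.find(cookie => cookie == 'luigiCookie=true')` in the first hunk keeps loose equality, while the same lookup in client/src/lifecycleManager.js is shown in a `===` form in this commit; writing `.find(cookie => cookie === 'luigiCookie=true')` here would keep the two copies of the probe identical. The second lookup sits between the two hunks and is not visible, so it probably needs the same edit. Both operands are strings, so this is a consistency point rather than a behaviour change.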
