This is an automated email from the ASF dual-hosted git repository. jkevan pushed a commit to branch secureCookies in repository https://gitbox.apache.org/repos/asf/unomi-tracker.git
commit f187a820d675f340e177fbea5c284ef825eba70e
Author: Kevan <[email protected]>
AuthorDate: Thu Mar 23 17:24:20 2023 +0100
UNOMI-756: set cookies as secure when https protocol is used
---
 src/apache-unomi-tracker.js | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/apache-unomi-tracker.js b/src/apache-unomi-tracker.js
index 3a262c9..5d02b69 100644
--- a/src/apache-unomi-tracker.js
+++ b/src/apache-unomi-tracker.js
@@ -572,13 +572,15 @@ export const newTracker = () => {
 * @return {undefined}
 */
 setCookie: function (cookieName, cookieValue, expireDays) {
- var expires = '';
+ let expires = '';
 if (expireDays) {
 var d = new Date();
 d.setTime(d.getTime() + (expireDays * 24 * 60 * 60 * 1000));
 expires = '; expires=' + d.toUTCString();
 }
- document.cookie = cookieName + '=' + cookieValue + expires + '; path=/; SameSite=Strict';
+
+ let secure = location.protocol === 'https:' ? '; secure' : '';
+ document.cookie = cookieName + '=' + cookieValue + expires + '; path=/; SameSite=Strict' + secure;
 },
 /**
@@ -604,7 +606,7 @@ export const newTracker = () => {
 /**
 * This is an utility function to remove a cookie
- *
+ * removeCookie
 * @param {string} cookieName the name of the cookie to rename
 * @return {undefined}
 */
@@ -1367,8 +1369,8 @@ export const newTracker = () => {
 // remove cookies, reset cxs
 if (!enable) {
 wem.cxs = {};
- document.cookie = wem.trackerProfileIdCookieName + '=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;';
- document.cookie = wem.contextServerCookieName + '=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;';
+ wem.removeCookie(wem.contextServerCookieName);
+ wem.removeCookie(wem.trackerProfileIdCookieName);
 delete wem.contextLoaded;
 } else {
 if (wem.DOMLoaded) {
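Review bot: The `Secure` attribute in `setCookie` is decided per page load from `location.protocol`, so a site reachable over both http and https still writes the cookie without `Secure` on its http pages, and browsers that refuse to let an insecure origin overwrite a `Secure` cookie will silently ignore later `setCookie` calls made from those pages. The JSDoc above the function should say so, for example `* The Secure attribute is added when the page is served over https; an http page cannot then overwrite or expire that cookie.` `secure` is never reassigned, so `const secure = location.protocol === 'https:' ? '; secure' : '';` fits better than `let`, and `var d` is left inconsistent with the new `let expires`. The JSDoc block for `setCookie` starts outside the hunk.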
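Review bot: The `@param` line in this JSDoc block still reads "the name of the cookie to rename" although the block describes removing a cookie; `* @param {string} cookieName the name of the cookie to remove` would match. The added `* removeCookie` line also takes the place of the blank ` *` separator, so the name now runs straight into the description text, and keeping the separator line would read better. The documented function itself lies outside the hunk.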
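Review bot: The two expiry writes removed from the `if (!enable)` branch spelled out `path=/` themselves, whereas the new calls depend on `wem.removeCookie` expiring each cookie with the same path and attributes that `setCookie` used, and the body of `removeCookie` is not part of this diff. This branch runs when tracking is disabled, so a removal that silently does nothing would leave the cookies named by `wem.trackerProfileIdCookieName` and `wem.contextServerCookieName` in the browser; a comment stating the dependency helps, e.g. `// removeCookie must expire the cookie with the path (/) used by setCookie, or the browser keeps it`. The swapped order of the two calls looks harmless. The surrounding function starts and ends outside the hunk.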
