Skip to content

Commit bf50c7a

Browse files
author
Ajit Kumar
committed
fix: update cookie settings to include HttpOnly for enhanced security
1 parent 98b206f commit bf50c7a

4 files changed

Lines changed: 7 additions & 12 deletions

File tree

src/lib/adRewards.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -179,7 +179,7 @@ function scheduleExpiryCheck() {
179179

180180
async function getRewardIdentity() {
181181
try {
182-
const userId = user?.id || "Guest";
182+
return String(user?.id || "Guest");
183183
} catch (error) {
184184
console.warn("Failed to resolve rewarded ad user identity.", error);
185185
return String(device?.uuid || "guest");

src/lib/checkPluginsUpdate.js

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
import fsOperation from "fileSystem";
22
import Url from "utils/Url";
3+
import config from "./config";
34

45
export default async function checkPluginsUpdate() {
56
const plugins = await fsOperation(PLUGIN_DIR).lsDir();
@@ -13,9 +14,9 @@ export default async function checkPluginsUpdate() {
1314
Url.join(pluginDir.url, "plugin.json"),
1415
).readFile("json");
1516

16-
const res = await fetch({
17-
url: `https://acode.app/api/plugin/check-update/${plugin.id}/${plugin.version}`,
18-
});
17+
const res = await fetch(
18+
`${config.API_BASE}/plugin/check-update/${plugin.id}/${plugin.version}`,
19+
);
1920

2021
if (res.ok) {
2122
const json = await res.json();

src/pages/sponsor/sponsor.js

Lines changed: 1 addition & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,6 @@ import helpers from "utils/helpers";
1717
* @param {() => void} onclose
1818
*/
1919
export default function Sponsor(onclose) {
20-
const BASE_URL = "https://acode.app/res/";
2120
const $page = Page(strings.sponsor);
2221
let cancel = false;
2322

@@ -67,12 +66,7 @@ export default function Sponsor(onclose) {
6766
msg += `Error: ${rejectedPromise.reason}\n`;
6867
msg += `Code: ${rejectedPromise.value.resCode}`;
6968
} else {
70-
const res = await fetch({
71-
url: BASE_URL + "6.jpeg",
72-
responseType: "blob",
73-
}).catch((err) => {
74-
helpers.error(err);
75-
});
69+
const res = await fetch(`${config.BASE_URL}/res/6.jpeg`);
7670

7771
if (res.ok) {
7872
const url = URL.createObjectURL(await res.blob());

src/plugins/auth/src/android/Authenticator.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ public boolean execute(String action, JSONArray args, CallbackContext callbackCo
5858
private void setTokenCookie(String token) {
5959
CookieManager cm = CookieManager.getInstance();
6060
for (String origin : API_ORIGINS) {
61-
cm.setCookie(origin, "token=" + token + "; Path=/; Secure; SameSite=None");
61+
cm.setCookie(origin, "token=" + token + "; Path=/; Secure; HttpOnly; SameSite=None");
6262
}
6363
cm.flush();
6464
}

0 commit comments

Comments
 (0)