PageTemplate/Cookies

* set path and domain on consent cookie * if page uses https, tag cookies as secure * use samesite=lax so cookies get sent if user visits via external link
2026-02-04 23:23:45 +01:00 · 2026-02-04 23:23:45 +01:00 · e421bdba79
commit e421bdba79
parent 511e1a78e6
2 changed files with 9 additions and 5 deletions
--- a/static/js/basic.js
+++ b/static/js/basic.js
@ -473,12 +473,16 @@ $WH.sp = function(z) {
 // Set cookie
 $WH.sc = function(z, y, x, w, v) {
    var a = new Date();
-    var b = z + "=" + escape(x) + "; ";
+    var b = z + "=" + encodeURI(x) + "; ";

    a.setDate(a.getDate() + y);
    b += "expires=" + a.toUTCString() + "; ";

-    b += "SameSite=strict;";
+    b += "samesite=lax; ";
+
+    if (location.protocol === 'https:') {
+        b += "secure; ";
+    }

    if (w) {
        b += "path=" + w + "; ";
@ -502,7 +506,7 @@ $WH.dc = function(z) {
 // Get all cookies (return value is cached)
 $WH.gc = function(z) {
    if ($WH.gc.I == null) { // Initialize cookie table
-        var words = unescape(document.cookie).split("; ");
+        var words = decodeURI(document.cookie).split("; ");

        $WH.gc.C = {};
        for (var i = 0, len = words.length; i < len; ++i) {
--- a/static/js/consent.js
+++ b/static/js/consent.js
@ -1,10 +1,10 @@
 $(document).ready(function() {
    $WH.qs('#consent-overlay #accept-btn').onclick = function () {
-        $WH.sc('consent', 1000, 1);
+        $WH.sc('consent', 1000, 1, '/', location.hostname);
        $WH.ge('consent-overlay').style.display = 'none';
    };
    $WH.qs('#consent-overlay #reject-all').onclick = function () {
-        $WH.sc('consent', 1000, 0);
+        $WH.sc('consent', 1000, 0, '/', location.hostname);
        $WH.ge('consent-overlay').style.display = 'none';
    };
 });