From e421bdba79741b0e0df866bf67b8613f75084c27 Mon Sep 17 00:00:00 2001
From: Sarjuuk
Date: Wed, 4 Feb 2026 23:23:45 +0100
Subject: [PATCH] PageTemplate/Cookies
 * set path and domain on consent cookie
 * if page uses https, tag cookies as secure
 * use samesite=lax so cookies get sent if user visits via external link
---
 static/js/basic.js | 10 +++++++---
 static/js/consent.js | 4 ++--
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/static/js/basic.js b/static/js/basic.js
index 9a0a23ad..7e738b11 100644
--- a/static/js/basic.js
+++ b/static/js/basic.js
@@ -473,12 +473,16 @@ $WH.sp = function(z) {
 // Set cookie
 $WH.sc = function(z, y, x, w, v) {
 var a = new Date();
- var b = z + "=" + escape(x) + "; ";
+ var b = z + "=" + encodeURI(x) + "; ";
 a.setDate(a.getDate() + y);
 b += "expires=" + a.toUTCString() + "; ";
- b += "SameSite=strict;";
+ b += "samesite=lax; ";
+
+ if (location.protocol === 'https:') {
+ b += "secure; ";
+ }
 if (w) {
 b += "path=" + w + "; ";
@@ -502,7 +506,7 @@ $WH.dc = function(z) {
 // Get all cookies (return value is cached)
 $WH.gc = function(z) {
 if ($WH.gc.I == null) { // Initialize cookie table
- var words = unescape(document.cookie).split("; ");
+ var words = decodeURI(document.cookie).split("; ");
 $WH.gc.C = {};
 for (var i = 0, len = words.length; i < len; ++i) {
diff --git a/static/js/consent.js b/static/js/consent.js
index 1142d60d..fb3842c1 100644
--- a/static/js/consent.js
+++ b/static/js/consent.js
@@ -1,10 +1,10 @@
 $(document).ready(function() {
 $WH.qs('#consent-overlay #accept-btn').onclick = function () {
- $WH.sc('consent', 1000, 1);
+ $WH.sc('consent', 1000, 1, '/', location.hostname);
 $WH.ge('consent-overlay').style.display = 'none';
 };
 $WH.qs('#consent-overlay #reject-all').onclick = function () {
- $WH.sc('consent', 1000, 0);
+ $WH.sc('consent', 1000, 0, '/', location.hostname);
 $WH.ge('consent-overlay').style.display = 'none';
 };
 });
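Review bot: In `$WH.sc` (static/js/basic.js), `encodeURI(x)` leaves `;`, `,` and `=` unencoded, so a value containing `;` ends the cookie value early and the remainder is parsed as cookie attributes. The removed `escape()` did encode those characters, so this is a regression for any caller that stores free-form text. The line should be `var b = z + "=" + encodeURIComponent(x) + "; ";`. The path argument `w` in the context line is also concatenated unencoded, and the rest of the function lies outside the hunk.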
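Review bot: In `$WH.gc` (static/js/basic.js), `decodeURI(document.cookie)` throws a `URIError` when any cookie visible to the page holds a malformed percent sequence such as a bare `%`, which `unescape()` never did. The call runs on the whole cookie string before the table is built, so a single such cookie, possibly set by another script or a sibling host, would make cookie lookups fail for the entire page. `decodeURI` also leaves `%3B`, `%2C` and `%3D` encoded, so values written with a component encoder would not round-trip. I would split first with `var words = document.cookie.split("; ");` and decode each value separately with `decodeURIComponent` inside a `try`/`catch` in the loop, whose body continues outside the hunk.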
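Review bot: Passing `location.hostname` as the domain argument in both `$WH.sc('consent', …)` calls in static/js/consent.js probably widens the cookie's scope rather than pinning it. A cookie set without a Domain attribute is host-only, while one carrying `domain=<host>` is also sent to every subdomain of that host. If sharing with subdomains is not intended, `$WH.sc('consent', 1000, 1, '/');` (and the same with `0` in the reject handler) keeps the cookie host-only. How `$WH.sc` emits its fifth argument is not visible in this diff, and browser handling of a Domain attribute on `localhost` or an IP address has historically varied, so the overlay is worth testing on development hosts. Any code that later clears this cookie will have to pass the same path and domain.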