prefix with ep_
parent
c5a37d7a92
commit
38daa2f29a
9 changed files with 15 additions and 15 deletions
|
@ -4,7 +4,7 @@ Cookies used by Etherpad.
|
|||
|
||||
| Name | Sample value | Domain | Path | Expires/max-age | Http-only| Secure | Usage description |
|
||||
|-----------------|------------------------------------|-------------|------|-----------------|----------|--------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
|express_sid | s%3A7yCNjRmTW8ylGQ53I2IhOwYF9... | example.org | / | Session | true | true | Session ID of the [Express web framework](https://expressjs.com). When Etherpad is behind a reverse proxy, and an administrator wants to use session stickiness, he may use this cookie. If you are behind a reverse proxy, please remember to set `trustProxy: true` in `settings.json`. Set in [webaccess.js#L131](https://github.com/ether/etherpad-lite/blob/01497aa399690e44393e91c19917d11d025df71b/src/node/hooks/express/webaccess.js#L131). |
|
||||
|ep_express_sid | s%3A7yCNjRmTW8ylGQ53I2IhOwYF9... | example.org | / | Session | true | true | Session ID of the [Express web framework](https://expressjs.com). When Etherpad is behind a reverse proxy, and an administrator wants to use session stickiness, he may use this cookie. If you are behind a reverse proxy, please remember to set `trustProxy: true` in `settings.json`. Set in [webaccess.js#L131](https://github.com/ether/etherpad-lite/blob/01497aa399690e44393e91c19917d11d025df71b/src/node/hooks/express/webaccess.js#L131). |
|
||||
|language | en | example.org | / | Session | false | true | The language of the UI (e.g.: `en-GB`, `it`). Set in [pad_editor.js#L111](https://github.com/ether/etherpad-lite/blob/01497aa399690e44393e91c19917d11d025df71b/src/static/js/pad_editor.js#L111). |
|
||||
|prefs / prefsHttp| %7B%22epThemesExtTheme%22... | example.org | /p | year 3000 | false | true | Client-side preferences (e.g.: font family, chat always visible, show authorship colors, ...). Set in [pad_cookie.js#L49](https://github.com/ether/etherpad-lite/blob/01497aa399690e44393e91c19917d11d025df71b/src/static/js/pad_cookie.js#L49). `prefs` is used if Etherpad is accessed over HTTPS, `prefsHttp` if accessed over HTTP. For more info see https://github.com/ether/etherpad-lite/issues/3179. |
|
||||
|token | t.tFzkihhhBf4xKEpCK3PU | example.org | / | 60 days | false | true | A random token representing the author, of the form `t.randomstring_of_lenght_20`. The random string is generated by the client, at ([pad.js#L55-L66](https://github.com/ether/etherpad-lite/blob/01497aa399690e44393e91c19917d11d025df71b/src/static/js/pad.js#L55-L66)). This cookie is always set by the client (at [pad.js#L153-L158](https://github.com/ether/etherpad-lite/blob/01497aa399690e44393e91c19917d11d025df71b/src/static/js/pad.js#L153-L158)) without any solicitation from the server. It is used for all the pads accessed via the web UI (not used for the HTTP API). On the server side, its value is accessed at [SecurityManager.js#L33](https://github.com/ether/etherpad-lite/blob/01497aa399690e44393e91c19917d11d025df71b/src/node/db/SecurityManager.js#L33).|
|
||||
|
|
|
@ -47,5 +47,5 @@ const supertest = require('supertest');
|
|||
res = await api.post(uri('createSession', {apikey, groupID, authorID, validUntil}));
|
||||
if (res.body.code === 1) throw new Error(`Error creating session: ${res.body}`);
|
||||
console.log('Session made: ====> create a cookie named sessionID and set the value to',
|
||||
res.body.data.sessionID);
|
||||
res.body.data.ep_sessionID);
|
||||
})();
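Review bot: The `console.log` text still tells the operator to create a cookie named `sessionID`, while the other hunks in this commit make the server read `req.cookies.ep_sessionID`, so a cookie created from that instruction is one the access check no longer looks at; the string should become `'Session made: ====> create a cookie named ep_sessionID and set the value to'`. The new `res.body.data.ep_sessionID` also assumes the `createSession` API response field was renamed, which none of the visible hunks do, so if the API still returns `sessionID` this prints `undefined`. The three test hunks that assert `res.body.data.ep_sessionID` depend on the same unseen rename. Renaming a response field of the HTTP API would be a breaking change for integrators and looks broader than a cookie-prefix commit needs; keeping `res.body.data.sessionID` here and changing only the cookie name seems closer to the intent.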
|
||||
|
|
|
@ -857,7 +857,7 @@ const createSessionInfoAuth = (sessionInfo, message) => {
|
|||
// the sessionId of this connection is still valid
|
||||
// since it could have been deleted by the API.
|
||||
sessionInfo.auth = {
|
||||
sessionID: message.sessionID,
|
||||
ep_sessionID: message.sessionID,
|
||||
padID: message.padId,
|
||||
token: message.token,
|
||||
};
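Review bot: The key renamed to `ep_sessionID` in `sessionInfo.auth` is an internal property, not a cookie name, and any code outside this hunk that still reads `sessionInfo.auth.sessionID` will now get `undefined`. The comment directly above says the value is stored so the session can be re-validated later; if that re-check passes `undefined` to the access check, group-session access is presumably evaluated as if the client had no session. The value is still taken from `message.sessionID`, so only the stored key moved and the wire format is unchanged. Either keep `sessionID: message.sessionID,` or update every reader of `auth.sessionID` in the same commit. The body of `createSessionInfoAuth` starts and ends outside the hunk, so those readers cannot be checked from here.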
|
||||
|
|
|
@ -176,7 +176,7 @@ exports.restartServer = async () => {
|
|||
saveUninitialized: true,
|
||||
// Set the cookie name to a javascript identifier compatible string. Makes code handling it
|
||||
// cleaner :)
|
||||
name: 'express_sid',
|
||||
name: 'ep_express_sid',
|
||||
proxy: true,
|
||||
cookie: {
|
||||
sameSite: settings.cookie.sameSite,
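Review bot: Changing `name` to `'ep_express_sid'` means session cookies already issued as `express_sid` are no longer recognised, so existing sessions are orphaned on upgrade and, with `saveUninitialized: true`, each client is handed a fresh one. The cookie table updated in this same commit says administrators may key reverse-proxy session stickiness on this cookie, and proxy rules matching the old name will silently stop matching. I would extend the comment above the option, for example `// Renamed from 'express_sid'; proxies using it for stickiness must be reconfigured.`, and mention the rename in the release notes. The session options object continues outside the hunk.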
|
||||
|
|
|
@ -71,7 +71,7 @@ exports.expressCreateServer = (hookName, args, cb) => {
|
|||
(async () => {
|
||||
const {session: {user} = {}} = req;
|
||||
const {accessStatus} = await securityManager.checkAccess(
|
||||
req.params.pad, req.cookies.sessionID, req.cookies.token, user);
|
||||
req.params.pad, req.cookies.ep_sessionID, req.cookies.token, user);
|
||||
if (accessStatus !== 'grant' || !webaccess.userCanModify(req.params.pad, req)) {
|
||||
return res.status(403).send('Forbidden');
|
||||
}
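Review bot: `checkAccess` now receives only `req.cookies.ep_sessionID`, so a client that still presents the old `sessionID` cookie is evaluated as having no group session and gets the 403 below with no hint about the rename. This fails closed, which is the safe direction, but embedders that set the cookie from API-created sessions lose access until they change the cookie name. The same applies to the `module.exports = async (req, res)` hunk further down. A comment such as `// Only the ep_-prefixed cookie is honoured; a legacy sessionID cookie is ignored.` would make that explicit. It is also worth confirming that the browser code which reads this cookie was updated, since no client-side file appears among the hunks shown.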
|
||||
|
|
|
@ -62,7 +62,7 @@ exports.expressCreateServer = (hookName, args, cb) => {
|
|||
* falls back to long polling or below.
|
||||
*
|
||||
* In Etherpad's case, if an operator needs to load balance, he can use the
|
||||
* "express_sid" cookie, and thus "io" is of no use.
|
||||
* "ep_express_sid" cookie, and thus "io" is of no use.
|
||||
*
|
||||
* Moreover, socket.io API does not offer a way of setting the "secure" flag
|
||||
* on it, and thus is a liability.
|
||||
|
@ -98,7 +98,7 @@ exports.expressCreateServer = (hookName, args, cb) => {
|
|||
}
|
||||
if (!req.headers.cookie) {
|
||||
// socketio.js-client on node.js doesn't support cookies (see https://git.io/JU8u9), so the
|
||||
// token and express_sid cookies have to be passed via a query parameter for unit tests.
|
||||
// token and ep_express_sid cookies have to be passed via a query parameter for unit tests.
|
||||
req.headers.cookie = socket.handshake.query.cookie;
|
||||
}
|
||||
// See: https://socket.io/docs/faq/#Usage-with-express-session
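Review bot: The fallback `req.headers.cookie = socket.handshake.query.cookie;` is described as existing for unit tests, but nothing in the visible lines limits it to a test environment, so any client that sends no Cookie header can supply the session cookie value in the URL query. Values in query strings commonly end up in proxy and access logs, and a session identifier passed this way travels outside the `Http-only` and `Secure` attributes listed in the cookie table. Since this commit already edits the comment, it is a good place to state the limitation, for example `// NOTE: this fallback is not restricted to tests; query strings may be logged.`, or to gate the branch on a test-only setting. The surrounding handler starts and ends outside the hunk.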
|
||||
|
|
|
@ -6,7 +6,7 @@ module.exports = async (req, res) => {
|
|||
try {
|
||||
const {session: {user} = {}} = req;
|
||||
const accessObj = await securityManager.checkAccess(
|
||||
req.params.pad, req.cookies.sessionID, req.cookies.token, user);
|
||||
req.params.pad, req.cookies.ep_sessionID, req.cookies.token, user);
|
||||
|
||||
if (accessObj.accessStatus === 'grant') {
|
||||
// there is access, continue
|
||||
|
|
|
@ -137,8 +137,8 @@ describe(__filename, function () {
|
|||
.expect('Content-Type', /json/)
|
||||
.expect((res) => {
|
||||
assert.equal(res.body.code, 0);
|
||||
assert(res.body.data.sessionID);
|
||||
sessionID = res.body.data.sessionID;
|
||||
assert(res.body.data.ep_sessionID);
|
||||
sessionID = res.body.data.ep_sessionID;
|
||||
});
|
||||
});
|
||||
|
||||
|
@ -150,8 +150,8 @@ describe(__filename, function () {
|
|||
.expect('Content-Type', /json/)
|
||||
.expect((res) => {
|
||||
assert.equal(res.body.code, 0);
|
||||
assert(res.body.data.sessionID);
|
||||
sessionID = res.body.data.sessionID;
|
||||
assert(res.body.data.ep_sessionID);
|
||||
sessionID = res.body.data.ep_sessionID;
|
||||
});
|
||||
});
|
||||
|
||||
|
@ -255,8 +255,8 @@ describe(__filename, function () {
|
|||
.expect('Content-Type', /json/)
|
||||
.expect((res) => {
|
||||
assert.equal(res.body.code, 0);
|
||||
assert(res.body.data.sessionID);
|
||||
sessionID = res.body.data.sessionID;
|
||||
assert(res.body.data.ep_sessionID);
|
||||
sessionID = res.body.data.ep_sessionID;
|
||||
});
|
||||
});
|
||||
|
||||
|
|
|
@ -56,7 +56,7 @@ const connect = async (res) => {
|
|||
forceNew: true, // Different tests will have different query parameters.
|
||||
path: '/socket.io',
|
||||
// socketio.js-client on node.js doesn't support cookies (see https://git.io/JU8u9), so the
|
||||
// express_sid cookie must be passed as a query parameter.
|
||||
// ep_express_sid cookie must be passed as a query parameter.
|
||||
query: {cookie: reqCookieHdr},
|
||||
});
|
||||
try {
|
||||
|
|