From b9a7bb529e2446e4052d61de987d4b6fc774b3cc Mon Sep 17 00:00:00 2001
From: Michal Kolodziejski <michal.kolodziejski@cern.ch>
Date: Wed, 5 May 2021 07:47:41 +0200
Subject: [PATCH] Set secure attribute on cookies if possible

Signed-off-by: Michal Kolodziejski <michal.kolodziejski@cern.ch>
---
 public/js/index.js            |  3 ++-
 public/js/lib/common/login.js |  6 ++++--
 public/js/lib/editor/index.js | 30 ++++++++++++++++++++----------
 public/js/locale.js           |  3 ++-
 4 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/public/js/index.js b/public/js/index.js
index bf39389d80..6d0274fcfc 100644
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -1633,7 +1633,8 @@ function toggleNightMode () {
   } else {
     Cookies.set('nightMode', !isActive, {
       expires: 365,
-      sameSite: 'Lax'
+      sameSite: 'Lax',
+      secure: window.location.protocol === 'https:'
     })
   }
 }
diff --git a/public/js/lib/common/login.js b/public/js/lib/common/login.js
index ca09431f91..6e2557f153 100644
--- a/public/js/lib/common/login.js
+++ b/public/js/lib/common/login.js
@@ -20,12 +20,14 @@ export function resetCheckAuth () {
 export function setLoginState (bool, id) {
   Cookies.set('loginstate', bool, {
     expires: 365,
-    sameSite: 'Lax'
+    sameSite: 'Lax',
+    secure: window.location.protocol === 'https:'
   })
   if (id) {
     Cookies.set('userid', id, {
       expires: 365,
-      sameSite: 'Lax'
+      sameSite: 'Lax',
+      secure: window.location.protocol === 'https:'
     })
   } else {
     Cookies.remove('userid')
diff --git a/public/js/lib/editor/index.js b/public/js/lib/editor/index.js
index 634bfd66ed..10e3f62366 100644
--- a/public/js/lib/editor/index.js
+++ b/public/js/lib/editor/index.js
@@ -415,13 +415,15 @@ export default class Editor {
       if (this.editor.getOption('indentWithTabs')) {
         Cookies.set('indent_type', 'tab', {
           expires: 365,
-          sameSite: 'Lax'
+          sameSite: 'Lax',
+          secure: window.location.protocol === 'https:'
         })
         type.text('Tab Size:')
       } else {
         Cookies.set('indent_type', 'space', {
           expires: 365,
-          sameSite: 'Lax'
+          sameSite: 'Lax',
+          secure: window.location.protocol === 'https:'
         })
         type.text('Spaces:')
       }
@@ -433,12 +435,14 @@ export default class Editor {
       if (this.editor.getOption('indentWithTabs')) {
         Cookies.set('tab_size', unit, {
           expires: 365,
-          sameSite: 'Lax'
+          sameSite: 'Lax',
+          secure: window.location.protocol === 'https:'
         })
       } else {
         Cookies.set('space_units', unit, {
           expires: 365,
-          sameSite: 'Lax'
+          sameSite: 'Lax',
+          secure: window.location.protocol === 'https:'
         })
       }
       widthLabel.text(unit)
@@ -507,7 +511,8 @@ export default class Editor {
       var keymap = this.editor.getOption('keyMap')
       Cookies.set('keymap', keymap, {
         expires: 365,
-        sameSite: 'Lax'
+        sameSite: 'Lax',
+        secure: window.location.protocol === 'https:'
       })
       label.text(keymap)
       this.restoreOverrideEditorKeymap()
@@ -543,7 +548,8 @@ export default class Editor {
       this.editor.setOption('theme', theme)
       Cookies.set('theme', theme, {
         expires: 365,
-        sameSite: 'Lax'
+        sameSite: 'Lax',
+        secure: window.location.protocol === 'https:'
       })
       this.statusIndicators.find('.status-theme li').removeClass('active')
       this.statusIndicators.find(`.status-theme li[value="${theme}"]`).addClass('active')
@@ -646,7 +652,8 @@ export default class Editor {
 
         Cookies.set('spellcheck', false, {
           expires: 365,
-          sameSite: 'Lax'
+          sameSite: 'Lax',
+          secure: window.location.protocol === 'https:'
         })
 
         self.editor.setOption('mode', defaultEditorMode)
@@ -655,7 +662,8 @@ export default class Editor {
 
         Cookies.set('spellcheck', lang, {
           expires: 365,
-          sameSite: 'Lax'
+          sameSite: 'Lax',
+          secure: window.location.protocol === 'https:'
         })
 
         self.editor.setOption('mode', 'spell-checker')
@@ -677,7 +685,8 @@ export default class Editor {
       }
       Cookies.set('linter', true, {
         expires: 365,
-        sameSite: 'Lax'
+        sameSite: 'Lax',
+        secure: window.location.protocol === 'https:'
       })
     } else {
       this.editor.setOption('gutters', gutters.filter(g => g !== lintGutter))
@@ -727,7 +736,8 @@ export default class Editor {
     if (overrideBrowserKeymap.is(':checked')) {
       Cookies.set('preferences-override-browser-keymap', true, {
         expires: 365,
-        sameSite: 'Lax'
+        sameSite: 'Lax',
+        secure: window.location.protocol === 'https:'
       })
       this.restoreOverrideEditorKeymap()
     } else {
diff --git a/public/js/locale.js b/public/js/locale.js
index a782236ff6..110b427b1d 100644
--- a/public/js/locale.js
+++ b/public/js/locale.js
@@ -26,7 +26,8 @@ $('select.ui-locale option[value="' + lang + '"]').attr('selected', 'selected')
 locale.change(function () {
   Cookies.set('locale', $(this).val(), {
     expires: 365,
-    sameSite: 'Lax'
+    sameSite: 'Lax',
+    secure: window.location.protocol === 'https:'
   })
   window.location.reload()
 })