We don't need cookies for REST API

2024-11-22 16:56:39 -06:00 · 2023-11-30 11:08:04 +01:00 · 2023-11-30 11:08:04 +01:00 · a73f476c8a
commit a73f476c8a
parent dbdc20e673
2 changed files with 8 additions and 8 deletions
--- a/server/core/lib/html/shared/page-html.ts
+++ b/server/core/lib/html/shared/page-html.ts
@ -4,7 +4,7 @@ import express from 'express'
 import { readFile } from 'fs/promises'
 import { join } from 'path'
 import { logger } from '../../../helpers/logger.js'
-import { CUSTOM_HTML_TAG_COMMENTS, FILES_CONTENT_HASH, PLUGIN_GLOBAL_CSS_PATH, WEBSERVER } from '../../../initializers/constants.js'
+import { CUSTOM_HTML_TAG_COMMENTS, FILES_CONTENT_HASH, PLUGIN_GLOBAL_CSS_PATH } from '../../../initializers/constants.js'
 import { ServerConfigManager } from '../../server-config-manager.js'
 import { TagsHtml } from './tags-html.js'
 import { pathExists } from 'fs-extra/esm'
@ -94,7 +94,7 @@ export class PageHtml {

      // Save locale in cookies
      res.cookie('clientLanguage', lang, {
-        secure: WEBSERVER.SCHEME === 'https',
+        secure: true,
        sameSite: 'none',
        maxAge: 1000 * 3600 * 24 * 90 // 3 months
      })
--- a/server/server.ts
+++ b/server/server.ts
@ -213,9 +213,6 @@ app.use(express.json({
  }
 }))

-// Cookies
-app.use(cookieParser())
-
 // W3C DNT Tracking Status
 app.use(advertiseDoNotTrack)

@ -230,9 +227,6 @@ app.use('/api/' + API_VERSION, apiRouter)
 // Services (oembed...)
 app.use('/services', servicesRouter)

-// Plugins & themes
-app.use('/', pluginsRouter)
-
 app.use('/', activityPubRouter)
 app.use('/', feedsRouter)
 app.use('/', trackerRouter)
@ -246,6 +240,12 @@ app.use('/', downloadRouter)
 app.use('/', lazyStaticRouter)
 app.use('/', objectStorageProxyRouter)

+// Cookies for plugins and HTML
+app.use(cookieParser())
+
+// Plugins & themes
+app.use('/', pluginsRouter)
+
 // Client files, last valid routes!
 const cliOptions = cli.opts<{ client: boolean, plugins: boolean }>()
 if (cliOptions.client) app.use('/', clientsRouter)