mirror of
https://github.com/ether/etherpad-lite.git
synced 2026-07-18 17:13:58 +00:00
* docs: PR3 GDPR anonymous identity hardening design spec
* docs: PR3 GDPR anon identity implementation plan
* feat(gdpr): ensureAuthorTokenCookie helper — HttpOnly server-set author token
* feat(gdpr): set HttpOnly author-token cookie from the pad routes
* feat(gdpr): read author token from cookie first, keep message.token fallback
* feat(gdpr): stop generating the author token client-side
* test(gdpr): server sets + reuses the HttpOnly author-token cookie
* fix+test(gdpr): parse token cookie from handshake Cookie header
socket.io handshake doesn't run cookie-parser, so socket.request.cookies
is undefined. Parse the Cookie header directly in handleClientReady so
the HttpOnly token actually resolves. Playwright spec covers HttpOnly
attribute, reload-stability, and context-isolation.
* docs(gdpr): token cookie is now HttpOnly + server-set
* fix(gdpr): close two HttpOnly token bypasses
Qodo review:
- Timeslider still ran the pre-PR3 JS-cookie path: it read
Cookies.get('${cp}token') (which HttpOnly hides), then generated a
fresh plaintext token and overwrote the server's HttpOnly cookie with
it, and sent token in every socket message. Strip the token read/
write entirely from timeslider.ts and from the outgoing message
shape; the server reads the cookie off the socket.io handshake just
like on /p/:pad.
- tokenTransfer re-issued the author cookie without HttpOnly, undoing
the hardening the first time a user transferred a session. Re-set
it as HttpOnly + Secure (on HTTPS) + SameSite=Lax. Also stop
trusting the body-supplied token on POST: read it off req.cookies
server-side so the client never needs JS access to the token.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| pluginfw | ||
| types | ||
| vendors | ||
| ace.ts | ||
| ace2_common.ts | ||
| ace2_inner.ts | ||
| AttributeManager.ts | ||
| AttributeMap.ts | ||
| AttributePool.ts | ||
| attributes.ts | ||
| basic_error_handler.ts | ||
| broadcast.ts | ||
| broadcast_revisions.ts | ||
| broadcast_slider.ts | ||
| Builder.ts | ||
| caretPosition.ts | ||
| Changeset.ts | ||
| changesettracker.ts | ||
| ChangesetUtils.ts | ||
| chat.ts | ||
| ChatMessage.ts | ||
| collab_client.ts | ||
| colorutils.ts | ||
| contentcollector.ts | ||
| cssmanager.ts | ||
| domline.ts | ||
| index.ts | ||
| l10n.ts | ||
| linestylefilter.ts | ||
| MergingOpAssembler.ts | ||
| Op.ts | ||
| OpAssembler.ts | ||
| OpIter.ts | ||
| pad.ts | ||
| pad_automatic_reconnect.ts | ||
| pad_connectionstatus.ts | ||
| pad_cookie.ts | ||
| pad_editbar.ts | ||
| pad_editor.ts | ||
| pad_impexp.ts | ||
| pad_modals.ts | ||
| pad_savedrevs.ts | ||
| pad_userlist.ts | ||
| pad_utils.ts | ||
| pad_version_badge.ts | ||
| rjquery.ts | ||
| scroll.ts | ||
| security.ts | ||
| skin_variants.ts | ||
| skiplist.ts | ||
| SmartOpAssembler.ts | ||
| socketio.ts | ||
| StringAssembler.ts | ||
| StringIterator.ts | ||
| TextLinesMutator.ts | ||
| timeslider.ts | ||
| underscore.ts | ||
| undomodule.ts | ||
| welcome.ts | ||