fix domain field in setAccessKeyCookies

2026-01-23 02:14:33 +00:00 · 2020-03-01 03:23:54 +03:00 · 2020-03-01 03:23:54 +03:00 · 4361c44128
commit 4361c44128
parent b63274ad01
1 changed files with 13 additions and 4 deletions
--- a/access.go
+++ b/access.go
@ -3,7 +3,10 @@ package main
 import (
 	"encoding/json"
 	"errors"
+	"log"
 	"net/http"
+	"net/url"
+	"path"
 	"regexp"
 	"strings"
 	"time"
@ -70,19 +73,25 @@ func checkAccessKey(r *http.Request, metadata *backends.Metadata) (accessKeySour
 	return accessKeySourceNone, errInvalidAccessKey
 }

-func setAccessKeyCookies(w http.ResponseWriter, domain, fileName, value string, expires time.Time) {
+func setAccessKeyCookies(w http.ResponseWriter, siteURL, fileName, value string, expires time.Time) {
+	u, err := url.Parse(siteURL)
+	if err != nil {
+		log.Printf("cant parse siteURL (%v): %v", siteURL, err)
+		return
+	}
+
 	cookie := http.Cookie{
 		Name:     accessKeyHeaderName,
 		Value:    value,
 		HttpOnly: true,
-		Domain:   domain,
+		Domain:   u.Hostname(),
 		Expires:  expires,
 	}

-	cookie.Path = Config.sitePath + fileName
+	cookie.Path = path.Join(u.Path, fileName)
 	http.SetCookie(w, &cookie)

-	cookie.Path = Config.sitePath + Config.selifPath + fileName
+	cookie.Path = path.Join(u.Path, Config.selifPath, fileName)
 	http.SetCookie(w, &cookie)
 }