-rw-r--r--nginx/handoff.html6
-rw-r--r--nginx/sync.py4
2 files changed, 7 insertions, 3 deletions
diff --git a/nginx/handoff.html b/nginx/handoff.html
index c160580..f012451 100644
--- a/nginx/handoff.html
+++ b/nginx/handoff.html
@@ -12,7 +12,11 @@
 						location = "https://dissociate.mia.jetzt/logout";
 					}
 					await fetch(`/.nginx/cookie?token=${data.token}&max_age=${data.expiresIn - 60}`);
-					location = "/";
+					if (location.hash) {
+						location = location.hash.slice(1);
+					} else {
+						location = "/";
+					}
 				} else {
 					console.log("not authenticated, redirecting");
 					location = "https://dissociate.mia.jetzt/login";
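Review bot: The new `location = location.hash.slice(1);` navigates to whatever follows `#` without checking it, and the fragment is chosen by whoever built the link to handoff.html, so after sign-in the browser can be sent off-site or to a non-http scheme. The first hunk of nginx/sync.py fills the fragment with the raw `$request_uri`, which may begin with `//`, so even the server-generated redirect is not guaranteed to yield a same-origin path. Resolve and compare the origin before assigning: `const next = new URL(location.hash.slice(1), location.origin);` then `location = next.origin === location.origin ? next.pathname + next.search : "/";`. `new URL` throws on a malformed value, so that case should also fall back to `"/"`. The enclosing function starts and ends outside this hunk.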
diff --git a/nginx/sync.py b/nginx/sync.py
index 9b02c45..9d81a39 100644
--- a/nginx/sync.py
+++ b/nginx/sync.py
@@ -12,7 +12,7 @@ handoff = map(lambda line: spacing_pattern.sub(r"\1 ", line), handoff)
 handoff = "".join(handoff).replace('"', '\\"').replace("$", "${dollar}")
 
 auth_check = """if ($cookie___proxy_token = "") {
-            return 303 https://$host/.nginx/handoff.html;
+            return 303 https://$host/.nginx/handoff.html#$request_uri;
         }
         auth_request /.nginx/auth;"""
 
@@ -34,7 +34,7 @@ auth_locations = (
             }
 
             location /.nginx/cookie {
-                add_header Set-Cookie "__proxy_token=${arg_token}; max-age=${arg_max_age}; path=/; httponly; secure";
+                add_header Set-Cookie "__proxy_token=${arg_token}; max-age=${arg_max_age}; path=/; httponly; samesite=lax; secure";
                 return 200;
             }"""
 )
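Review bot: `${arg_token}` and `${arg_max_age}` on the changed Set-Cookie line are copied from the query string into the header as-is, so a value containing `;` can add cookie attributes the config did not intend. Reject unexpected values before the `add_header`, for example `if ($arg_max_age !~ "^[0-9]+$") { return 400; }`, plus an equivalent check on `$arg_token` for the token's format, which is not visible in this diff. The `auth_locations` string begins above this hunk, so whether this location can be reached without authentication cannot be told from here.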