Use secure cookie if https (#6644)

2025-07-09 18:36:35 +00:00 · 2020-08-24 14:21:57 +02:00 · 2020-08-24 14:21:57 +02:00 · a90203f256
commit a90203f256
parent c3ef79caa9
2 changed files with 62 additions and 1 deletions
--- a/src/data/hassio/supervisor.ts
+++ b/src/data/hassio/supervisor.ts
@ -71,7 +71,11 @@ export const createHassioSession = async (hass: HomeAssistant) => {
    "POST",
    "hassio/ingress/session"
  );
-  document.cookie = `ingress_session=${response.data.session};path=/api/hassio_ingress/;SameSite=Strict`;
+  document.cookie = `ingress_session=${
+    response.data.session
+  };path=/api/hassio_ingress/;SameSite=Strict${
+    location.protocol === "https:" ? ";Secure" : ""
+  }`;
 };

 export const setSupervisorOption = async (
--- a/test-mocha/hassio/create_session.spec.ts
+++ b/test-mocha/hassio/create_session.spec.ts
@ -0,0 +1,57 @@
+import * as assert from "assert";
+import { createHassioSession } from "../../src/data/hassio/supervisor";
+
+const sessionID = "fhdsu73rh3io4h8f3irhjel8ousafehf8f3yh";
+
+describe("Create hassio session", function () {
+  it("Test create session without HTTPS", async function () {
+    // @ts-ignore
+    global.document = {};
+    // @ts-ignore
+    global.location = {};
+    await createHassioSession({
+      // @ts-ignore
+      callApi: async function () {
+        return { data: { session: sessionID } };
+      },
+    });
+    assert.equal(
+      // @ts-ignore
+      global.document.cookie,
+      "ingress_session=fhdsu73rh3io4h8f3irhjel8ousafehf8f3yh;path=/api/hassio_ingress/;SameSite=Strict"
+    );
+  });
+  it("Test create session with HTTPS", async function () {
+    // @ts-ignore
+    global.document = {};
+    // @ts-ignore
+    global.location = { protocol: "https:" };
+    await createHassioSession({
+      // @ts-ignore
+      callApi: async function () {
+        return { data: { session: sessionID } };
+      },
+    });
+    assert.equal(
+      // @ts-ignore
+      global.document.cookie,
+      "ingress_session=fhdsu73rh3io4h8f3irhjel8ousafehf8f3yh;path=/api/hassio_ingress/;SameSite=Strict;Secure"
+    );
+
+    // Clean up in case they will be used in other tests
+    // @ts-ignore
+    global.document = {};
+    // @ts-ignore
+    global.location = {};
+  });
+  it("Test fail to create", async function () {
+    const createSessionPromise = createHassioSession({
+      // @ts-ignore
+      callApi: async function () {},
+    }).then(
+      () => true,
+      () => false
+    );
+    assert.equal(await createSessionPromise, false);
+  });
+});