Cavemanon/haproxy-protection
9
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Change bot-check cookie to Lax because that only breaks cross-site navigations without providing any real securit ybenefit

Browse Source
This commit is contained in:
Thomas Lynch
2024-12-08 12:41:53 +11:00
parent 923957d0e7
commit 413deac66b
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/lua/scripts/bot-check.lua
View File

@@ -297,8 +297,8 @@ function _M.view(applet)
applet:add_header( applet:add_header(
"set-cookie", "set-cookie",
string.format( string.format(
--"_basedflare_pow=%s; Expires=%s; Path=/; Domain=.%s; SameSite=Strict; HttpOnly;%s", --"_basedflare_pow=%s; Expires=%s; Path=/; Domain=.%s; SameSite=Lax; HttpOnly;%s",
"_basedflare_pow=%s; Expires=%s; Path=/; Domain=%s; SameSite=Strict; %s", "_basedflare_pow=%s; Expires=%s; Path=/; Domain=%s; SameSite=Lax; %s",
combined_cookie, combined_cookie,
expiry_date_p, expiry_date_p,
applet.headers['host'][0], applet.headers['host'][0],
@@ -361,7 +361,7 @@ function _M.view(applet)
applet:add_header( applet:add_header(
"set-cookie", "set-cookie",
string.format( string.format(
"_basedflare_captcha=%s; Expires=%s; Path=/; Domain=%s; SameSite=Strict; HttpOnly;%s", "_basedflare_captcha=%s; Expires=%s; Path=/; Domain=%s; SameSite=Lax; HttpOnly;%s",
combined_cookie, combined_cookie,
expiry_date_c, expiry_date_c,
applet.headers['host'][0], applet.headers['host'][0],