| author | Stan Hu <stanhu@gmail.com> | 2018-08-30 13:39:56 -0700 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2018-09-03 22:37:36 -0700 |
| commit | b9cee4ba3c5e22766de771edde2b8d523ee84993 (patch) | |
| tree | 8cfdcb02f48d8ccf1b15e55069829c0d2d4d045d /app/controllers/concerns | |
| parent | ba99dfcde262c91e33b5bf7f86ba7c0e3b6f7e52 (diff) | |

Set issuable_sort and diff_view cookies to secure when possible

Closes #49120

Diffstat (limited to 'app/controllers/concerns')
| -rw-r--r-- | app/controllers/concerns/issuable_collections.rb | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/app/controllers/concerns/issuable_collections.rb b/app/controllers/concerns/issuable_collections.rb index 22b39f47bf0..a2c96f5d635 100644 --- a/app/controllers/concerns/issuable_collections.rb +++ b/app/controllers/concerns/issuable_collections.rb @@ -1,5 +1,6 @@ module IssuableCollections extend ActiveSupport::Concern + include CookiesHelper include SortingHelper include Gitlab::IssuableMetadata include Gitlab::Utils::StrongMemoize @@ -107,11 +108,14 @@ module IssuableCollections end def set_sort_order_from_cookie - cookies[remember_sorting_key] = params[:sort] if params[:sort].present? + sort_param = params[:sort] if params[:sort].present? # fallback to legacy cookie value for backward compatibility - cookies[remember_sorting_key] ||= cookies['issuable_sort'] - cookies[remember_sorting_key] = update_cookie_value(cookies[remember_sorting_key]) - params[:sort] = cookies[remember_sorting_key] + sort_param ||= cookies['issuable_sort'] + sort_param ||= cookies[remember_sorting_key] + + sort_value = update_cookie_value(sort_param) + set_secure_cookie(remember_sorting_key, sort_value) + params[:sort] = sort_value end def remember_sorting_key |
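Review bot: In the first hunk (`@@ -1,5 +1,6 @@`), `include CookiesHelper` is the only visible source for `set_secure_cookie`, and that helper's definition is not in this view (the diffstat is limited to app/controllers/concerns), so the "when possible" condition from the commit subject cannot be checked from these lines. Please make sure the helper change is reviewed alongside this one, and that a controller spec asserts the `Secure` attribute on the sorting cookie for an HTTPS request and its absence for plain HTTP, so a later edit to the helper cannot silently drop the flag.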
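Review bot: In the second hunk (`set_sort_order_from_cookie`), the fallback order is inverted relative to the removed code. Before, `cookies[remember_sorting_key] ||= cookies['issuable_sort']` consulted the legacy cookie only when the per-key cookie was missing; now `sort_param ||= cookies['issuable_sort']` runs before `sort_param ||= cookies[remember_sorting_key]`, so whenever `params[:sort]` is blank a lingering legacy `issuable_sort` cookie wins and is then written over the remembered per-key value by `set_secure_cookie`. If the legacy cookie is meant to stay a fallback, as the unchanged comment says, swap the two `||=` lines. Nothing in these lines expires or deletes `issuable_sort`, so the old non-secure cookie also keeps being sent; consider removing it once its value has been migrated.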
