[IMPROVE] Secure cookies when using HTTPS connection (#15500)

6 years ago · 50589a3b1e
parent da6025e2e5
commit 50589a3b1e
1 changed files with 4 additions and 2 deletions
--- a/app/file-upload/client/lib/fileUploadHandler.js
+++ b/app/file-upload/client/lib/fileUploadHandler.js
@ -27,7 +27,9 @@ export const fileUploadHandler = (directive, meta, file) => {

 Tracker.autorun(function() {
 	if (Meteor.userId()) {
-		document.cookie = `rc_uid=${ escape(Meteor.userId()) }; path=/`;
-		document.cookie = `rc_token=${ escape(Accounts._storedLoginToken()) }; path=/`;
+		const secure = location.protocol === 'https:' ? '; secure' : '';
+
+		document.cookie = `rc_uid=${ escape(Meteor.userId()) }; path=/${ secure }`;
+		document.cookie = `rc_token=${ escape(Accounts._storedLoginToken()) }; path=/${ secure }`;
 	}
 });