2023-03-30

How to adjust SameSite

I am very much a beginner and I'm very confused as to how to implement changing the SameSite attribute.

There do seem to be plenty of similar posts; I understand I need to change the SameSite to sameSite: 'none', secure: true - I'm just not sure where to place it within my code.

I am building a website using HTML and JavaScript, testing on a local server using Node.js.

I understand there is an example that shows me the adjustment, I'm just confused as to where in my code to make such an adjustment.

This is a result of the following error:

Because a cookie’s SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being sent in a cross-site request. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery. Resolve this issue by updating the attributes of the cookie: Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use. Specify SameSite=Strict or SameSite=Lax if the cookie should not be sent in cross-site requests.

The cookie is to keep a user logged in over multiple pages using Firebase authentication - do I need to specify the specific cookie? How does this affect security?

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Example</title>
</head>
<body>

    <div id="loggedOut">
        <h3>please log in.</h3>
        <form onsubmit="login(event)">
            <input type="text" id="email" name="email" placeholder="your@email.com">
            <!-- type="password" so the browser masks the field and does not autocomplete it as plain text -->
            <input type="password" id="password" name="password" placeholder="password">
            <button type="submit" id="logIn" value="Login">login.</button>
        </form>
    </div>

<!-- scripts belong inside <body>, not after </body> -->
<script type="module">
    // FIREBASE CONFIG

    // Import the functions you need from the SDKs you need
    import { initializeApp } from "https://www.gstatic.com/firebasejs/9.18.0/firebase-app.js";
    import { getDatabase, ref, onValue } from "https://www.gstatic.com/firebasejs/9.18.0/firebase-database.js";
    import { getAuth, signInWithEmailAndPassword } from "https://www.gstatic.com/firebasejs/9.18.0/firebase-auth.js";

    // TODO: Add SDKs for Firebase products that you want to use
    // https://firebase.google.com/docs/web/setup#available-libraries

    // Your web app's Firebase configuration
    const firebaseConfig = {
        apiKey: "xx",
        authDomain: "xx",
        projectId: "xx",
        storageBucket: "xx",
        messagingSenderId: "xx",
        appId: "xx",
        databaseURL : "https://"
    };

    // Initialize Firebase
    const app = initializeApp(firebaseConfig);
    const database = getDatabase(app);
    const auth = getAuth(app);

    document.getElementById('logIn').addEventListener('click', (e) => {
        // stop the form from submitting and reloading the page
        e.preventDefault();

        const email = document.getElementById('email').value;
        const password = document.getElementById('password').value;

        signInWithEmailAndPassword(auth, email, password)
            .then((userCredential) => {
                // Signed in. The user only exists once this promise resolves, so the
                // currentUser check has to live here, not after the sign-in call
                // (there it ran before sign-in finished and always hit the else branch).
                const user = userCredential.user;
                const displayName = "users" + user.uid;
                alert(displayName);

                const starCountRef = ref(database, displayName + '/username');
                onValue(starCountRef, (snapshot) => {
                    const data = snapshot.val();
                    alert(data);
                });

                window.location = './home.html';
            })
            .catch((error) => {
                // error.message holds the readable text; error.email does not exist
                const errorCode = error.code;
                const errorMessage = error.message;
                alert(errorCode + ': ' + errorMessage);
            });
    });
</script>

<script>
    function login(event) {
        event.preventDefault()
    }
    function logout() {
    }
</script>

</body>
</html>
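The attribute is not something the HTML page sets: it is part of the Set-Cookie header, so it goes wherever the Node.js server writes that header. The following is an added example, not code from the question or from Firebase; a plain Node.js handler that serializes a cookie with its SameSite and Secure attributes and refuses the SameSite=None-without-Secure combination the DevTools message describes. The cookie names, the token and the port are constructed placeholders.

```javascript
// Added example (not from the question): the SameSite and Secure attributes belong to
// the Set-Cookie header, so they are set wherever the server writes that header.

// Serialize a cookie with its attributes. Throws on the combination browsers reject,
// SameSite=None without Secure, which is what the DevTools message is warning about.
function buildSetCookie(name, value, opts = {}) {
  const raw = String(opts.sameSite ?? "Lax");
  const sameSite = raw[0].toUpperCase() + raw.slice(1).toLowerCase(); // 'none' -> 'None'
  if (!["Strict", "Lax", "None"].includes(sameSite)) {
    throw new Error(`invalid SameSite value: ${raw}`);
  }
  if (sameSite === "None" && !opts.secure) {
    throw new Error("SameSite=None requires Secure");
  }
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${opts.path || "/"}`];
  if (opts.maxAge !== undefined) parts.push(`Max-Age=${opts.maxAge}`);
  if (opts.httpOnly) parts.push("HttpOnly");
  if (opts.secure) parts.push("Secure");
  parts.push(`SameSite=${sameSite}`);
  return parts.join("; ");
}

// First-party login cookie: Lax (the browser default) is right when every page of
// the site lives on the same origin; HttpOnly keeps the token away from page scripts.
function sessionCookie(token) {
  return buildSetCookie("session", token, {
    httpOnly: true, secure: true, sameSite: "lax", maxAge: 3600 });
}

// Only for a cookie that genuinely must be sent cross-site (e.g. an embedded widget);
// this is the sameSite: 'none', secure: true form from the question.
function crossSiteCookie(token) {
  return buildSetCookie("widget", token, {
    httpOnly: true, secure: true, sameSite: "none", maxAge: 3600 });
}

// The request handler is where the header is actually placed; the token is a
// constructed placeholder standing in for a real server-side session id.
function handleLogin(req, res) {
  res.setHeader("Set-Cookie", [sessionCookie("demo-token")]);
  res.end("cookie set\n");
}

// Run directly (node server.js), open http://localhost:3000 and inspect the cookie.
if (typeof require !== "undefined" && require.main === module) {
  require("node:http").createServer(handleLogin)
    .listen(3000, () => console.log("listening on http://localhost:3000"));
}
```

With Express the same attributes go into res.cookie(name, value, { httpOnly: true, secure: true, sameSite: 'lax' }). Note that the Firebase web SDK keeps its own sign-in state in browser storage rather than in a cookie you set, so the warning refers to whichever cookie your server or a third-party script actually sets.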

