Security: Set cookie as secure if HTTPS - refs BT#21289

ywarnier · ywarnier · commit 9da3f3bac251 · 2023-12-18T13:52:38.000+01:00
diff --git a/main/calendar/agenda_js.php b/main/calendar/agenda_js.php
@@ -396,6 +396,12 @@
 
 $tpl->assign('group_id', (!empty($group_id) ? $group_id : 0));
 
+if (api_is_https()) {
+    $tpl->assign('is_https', 1);
+} else {
+    $tpl->assign('is_https', 0);
+}
+
 $templateName = $tpl->get_template('agenda/month.tpl');
 $content = $tpl->fetch($templateName);
 $tpl->assign('content', $content);
diff --git a/main/template/default/agenda/month.tpl b/main/template/default/agenda/month.tpl
@@ -266,7 +266,7 @@ $(function() {
                 'view': view.name,
                 'start': view.intervalStart.format("YYYY-MM-DD")
             };
-            Cookies.set('agenda_cookies', data, 1); // Expires 1 day
+            Cookies.set('agenda_cookies', data, { expires: 1{% if is_https %}, secure: true{% endif %} }); // Expires 1 day
         },
 		// Add event
 		select: function(start, end, jsEvent, view) {
