Page MenuHomePhabricator

[web] Migrate cookies to redux
ClosedPublic

Authored by michal on Sep 25 2023, 7:05 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Nov 11, 10:08 PM
Unknown Object (File)
Sun, Nov 10, 7:53 AM
Unknown Object (File)
Thu, Nov 7, 11:46 PM
Unknown Object (File)
Thu, Nov 7, 11:46 PM
Unknown Object (File)
Thu, Nov 7, 11:46 PM
Unknown Object (File)
Thu, Nov 7, 11:37 PM
Unknown Object (File)
Thu, Nov 7, 7:31 PM
Unknown Object (File)
Oct 12 2024, 12:04 PM
Subscribers

Details

Summary

ENG-4767

We want to migrate the browser cookies to redux. An explanation why we decided is in ENG-4347 and on Notion. We do the migration on the client after setting the cookie to httpOnly: false on the keyserver. This is normally not recommended because of XSS, but if our end goal is moving the cookie to redux, it will be accesible to js anyway, so there shouldn't be any issue with this. If the attacked can execute any js on the client they can still make authenticated calls to the keyserver/services (for services we keep commAccessToken in redux anyway).

Test Plan

Run the migration, check if the cookie was stored in redux

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable