diff --git a/lib/socket/socket.react.js b/lib/socket/socket.react.js --- a/lib/socket/socket.react.js +++ b/lib/socket/socket.react.js @@ -28,7 +28,7 @@ type LogOutResult, } from '../types/account-types.js'; import type { CompressedData } from '../types/compression-types.js'; -import { isWebPlatform, type PlatformDetails } from '../types/device-types.js'; +import { type PlatformDetails } from '../types/device-types.js'; import type { CalendarQuery } from '../types/entry-types.js'; import { forcePolicyAcknowledgmentActionType } from '../types/policy-types.js'; import type { Dispatch } from '../types/redux-types.js'; @@ -132,8 +132,8 @@ openSocket(newStatus: ConnectionStatus) { if ( this.props.frozen || - (!isWebPlatform(getConfig().platformDetails.platform) && - (!this.props.cookie || !this.props.cookie.startsWith('user='))) + !this.props.cookie || + !this.props.cookie.startsWith('user=') ) { return; } diff --git a/web/app.react.js b/web/app.react.js --- a/web/app.react.js +++ b/web/app.react.js @@ -84,9 +84,7 @@ // We can't securely cache credentials on web, so we have no way to recover // from a cookie invalidation resolveInvalidatedCookie: null, - // We use httponly cookies on web to protect against XSS attacks, so we have - // no access to the cookies from JavaScript - setCookieOnRequest: false, + setCookieOnRequest: true, setSessionIDOnRequest: true, // Never reset the calendar range calendarRangeInactivityLimit: null, diff --git a/web/selectors/socket-selectors.js b/web/selectors/socket-selectors.js --- a/web/selectors/socket-selectors.js +++ b/web/selectors/socket-selectors.js @@ -6,6 +6,7 @@ import { sessionIDSelector, urlPrefixSelector, + cookieSelector, } from 'lib/selectors/keyserver-selectors.js'; import { getClientResponsesSelector, @@ -42,8 +43,12 @@ const sessionIdentificationSelector: ( state: AppState, ) => SessionIdentification = createSelector( + cookieSelector, sessionIDSelector, - (sessionID: ?string): SessionIdentification => ({ sessionID }), + (cookie: ?string, sessionID: ?string): SessionIdentification => ({ + cookie, + sessionID, + }), ); const getSignedIdentityKeysBlobSelector: (