[web] Migrate cookies to redux
a16031408fec
Actions

Description

[web] Migrate cookies to redux

We want to migrate the browser cookies to redux. An explanation why we decided is in ENG-4347 and on Notion. We do the migration on the client after setting the cookie to httpOnly: false on the keyserver. This is normally not recommended because of XSS, but if our end goal is moving the cookie to redux, it will be accesible to js anyway, so there shouldn't be any issue with this. If the attacked can execute any js on the client they can still make authenticated calls to the keyserver/services (for services we keep commAccessToken in redux anyway).

Test Plan: Run the migration, check if the cookie was stored in redux

Reviewers: inka, kamil, atul

Reviewed By: kamil

Subscribers: ashoat, tomek

Differential Revision: https://phab.comm.dev/D9287

Details

Provenance

Michal Gniadek <michal.gniadek@swmansion.com>

Authored on Sep 18 2023, 3:44 AM

Reviewer

kamil

Differential Revision

D9287: [web] Migrate cookies to redux

Parents

rCOMMd7d5043dc63a: [keyserver] Update existing cookie password hashes to sha256

Branches

Unknown

Tags

Unknown

Event Timeline

Michal Gniadek <michal.gniadek@swmansion.com> committed rCOMMa16031408fec: [web] Migrate cookies to redux (authored by Michal Gniadek <michal.gniadek@swmansion.com>).Oct 23 2023, 3:03 AM

Michal Gniadek <michal.gniadek@swmansion.com> added an edge: D9287: [web] Migrate cookies to redux.