golang/pkgsite: improve hostname verification to ensure origin before…

… setting cookie Updates frontend to only check for `*.go.dev` / `go.dev`, instead of `*go.dev` Change-Id: I1460aa69f2f032f9a098a22651586bb737927453 GitHub-Last-Rev: 61741be GitHub-Pull-Request: #88 Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/574655 Reviewed-by: Aviv Keller <[email protected]> TryBot-Bypass: Jonathan Amsterdam <[email protected]> Reviewed-by: Jonathan Amsterdam <[email protected]> Reviewed-by: David Chase <[email protected]> Reviewed-by: Carlos Amedee <[email protected]>
golang · Apr 10, 2024 · 493d85e · 493d85e
1 parent 29d7d25
commit 493d85e
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/static/frontend/frontend.ts b/static/frontend/frontend.ts
@@ -128,7 +128,7 @@ function toggleTheme() {
     nextTheme = 'auto';
   }
   let domain = '';
-  if (location.hostname.endsWith('go.dev')) {
+  if (location.hostname === 'go.dev' || location.hostname.endsWith(".go.dev")) {
     domain = 'domain=.go.dev;';
   }
   document.documentElement.setAttribute('data-theme', nextTheme);
@@ -147,7 +147,7 @@ function registerCookieNotice() {
     notice?.classList.add('Cookie-notice--visible');
     button?.addEventListener('click', () => {
       let domain = '';
-      if (location.hostname.endsWith('go.dev')) {
+      if (location.hostname === 'go.dev' || location.hostname.endsWith(".go.dev")) {
         // Apply the cookie to *.go.dev.
         domain = 'domain=.go.dev;';
       }