Secure cookies only when HTTPS expected. (Not with remote Selenium)

Author: pablobm

app/assets/javascripts/index.js

@@ -171,16 +171,16 @@ $(function () {
       map.getLayersCode(),
       map._object);
 
-    Cookies.set("_osm_location", OSM.locationCookie(map), { secure: true, expires: expiry, path: "/", samesite: "lax" });
+    OSM.COOKIES.set("_osm_location", OSM.locationCookie(map), { expires: expiry });
   });
 
-  if (Cookies.get("_osm_welcome") !== "hide") {
+  if (OSM.COOKIES.get("_osm_welcome") !== "hide") {
     $(".welcome").removeAttr("hidden");
   }
 
   $(".welcome .btn-close").on("click", function () {
     $(".welcome").hide();
-    Cookies.set("_osm_welcome", "hide", { secure: true, expires: expiry, path: "/", samesite: "lax" });
+    OSM.COOKIES.set("_osm_welcome", "hide", { expires: expiry });
   });
 
   const bannerExpiry = new Date();
@@ -191,7 +191,7 @@ $(function () {
     $("#banner").hide();
     e.preventDefault();
     if (cookieId) {
-      Cookies.set(cookieId, "hide", { secure: true, expires: bannerExpiry, path: "/", samesite: "lax" });
+      OSM.COOKIES.set(cookieId, "hide", { expires: bannerExpiry });
     }
   });
 

app/assets/javascripts/index/directions.js

@@ -137,17 +137,17 @@ OSM.Directions = function (map) {
   }
 
   setEngine("fossgis_osrm_car");
-  setEngine(Cookies.get("_osm_directions_engine"));
+  setEngine(OSM.COOKIES.get("_osm_directions_engine"));
 
   modeGroup.on("change", "input[name='modes']", function (e) {
     setEngine(chosenEngine.provider + "_" + e.target.value);
-    Cookies.set("_osm_directions_engine", chosenEngine.id, { secure: true, expires: expiry, path: "/", samesite: "lax" });
+    OSM.COOKIES.set("_osm_directions_engine", chosenEngine.id, { expires: expiry });
     getRoute(true, true);
   });
 
   select.on("change", function (e) {
     setEngine(e.target.value + "_" + chosenEngine.mode);
-    Cookies.set("_osm_directions_engine", chosenEngine.id, { secure: true, expires: expiry, path: "/", samesite: "lax" });
+    OSM.COOKIES.set("_osm_directions_engine", chosenEngine.id, { expires: expiry });
     getRoute(true, true);
   });
 

app/assets/javascripts/index/new_note.js

@@ -146,8 +146,8 @@ OSM.NewNote = function (map) {
 
       createNote(location, text, (feature) => {
         if (typeof OSM.user === "undefined") {
-          const anonymousNotesCount = Number(Cookies.get("_osm_anonymous_notes_count")) || 0;
-          Cookies.set("_osm_anonymous_notes_count", anonymousNotesCount + 1, { secure: true, expires: 30, path: "/", samesite: "lax" });
+          const anonymousNotesCount = Number(OSM.COOKIES.get("_osm_anonymous_notes_count")) || 0;
+          OSM.COOKIES.set("_osm_anonymous_notes_count", anonymousNotesCount + 1, { expires: 30 });
         }
         content.find("textarea").val("");
         addCreatedNoteMarker(feature);

app/assets/javascripts/language_selector.js

@@ -8,7 +8,7 @@ $(document).on("click", "#select_language_dialog [data-language-code]", function
     form.elements.language.value = code;
     form.submit();
   } else {
-    Cookies.set("_osm_locale", code, { path: "/", samesite: "lax" });
+    OSM.COOKIES.set("_osm_locale", code);
     location.reload();
   }
 });

app/assets/javascripts/osm.js.erb

@@ -3,6 +3,9 @@
 //= depend_on layers.yml
 //= depend_on legend.yml
 
+// Temporary variable to avoid a circular dependency.
+let _COOKIES = Cookies.withAttributes({ path: "/", samesite: "lax", secure: <%= (Settings.server_protocol == "https").to_json %> });
+
 OSM = {
   ...<%=
     %i[
@@ -27,6 +30,8 @@ OSM = {
       end.to_json
   %>,
 
+  COOKIES: _COOKIES,
+
   DEFAULT_LOCALE: <%= I18n.default_locale.to_json %>,
 
   LAYER_DEFINITIONS: <%= MapLayers::full_definitions("config/layers.yml", :legends => "config/legend.yml").to_json %>,
@@ -73,7 +78,7 @@ OSM = {
 
     const hash = OSM.parseHash();
 
-    const loc = Cookies.get("_osm_location")?.split("|");
+    const loc = _COOKIES.get("_osm_location")?.split("|");
 
     function bboxToLatLngBounds({ minlon, minlat, maxlon, maxlat }) {
       return L.latLngBounds([minlat, minlon], [maxlat, maxlon]);
@@ -228,3 +233,7 @@ OSM = {
     alertModal.show();
   }
 };
+
+// This value now lives in its final location.
+// This reference can be deleted.
+_COOKIES = null;