From 3c14d65a996857cf8a356b442f1b31cbdcfea46d Mon Sep 17 00:00:00 2001
From: Marcos Pereira
Date: Thu, 26 Nov 2020 15:35:42 -0500
Subject: [PATCH 1/2] Add samesite=lax to paradox cookies
Not specifying `SameSite` implies the value is `None`, but then the cookie should be marked as `Secure`. Browsers will start to reject cookies that are `SameSite=None` but not `Secure`. More details: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
---
 themes/generic/src/main/assets/js/groups.js | 38 +++++++++------------
 1 file changed, 16 insertions(+), 22 deletions(-)
diff --git a/themes/generic/src/main/assets/js/groups.js b/themes/generic/src/main/assets/js/groups.js
index 0e43fc84..29296aea 100644
--- a/themes/generic/src/main/assets/js/groups.js
+++ b/themes/generic/src/main/assets/js/groups.js
@@ -19,30 +19,24 @@ $(function() {
 if(cookieTg != "") currentGroups = JSON.parse(cookieTg);
- // http://www.w3schools.com/js/js_cookies.asp
- function setCookie(cname,cvalue,exdays) {
- if(!exdays) exdays = 365;
- var d = new Date();
- d.setTime(d.getTime() + (exdays*24*60*60*1000));
- var expires = "expires=" + d.toGMTString();
- document.cookie = cname + "=" + encodeURIComponent(cvalue) + ";" + expires + ";path=/";
+ // https://developer.mozilla.org/en-US/docs/Web/API/Document/cookie
+ function setCookie(cookieName, cookieValue, daysToExpire) {
+ if (!daysToExpire) daysToExpire = 365;
+ const now = new Date();
+ now.setDate(now.getDate() + daysToExpire);
+ // The lax value will send the cookie for all same-site
+ // requests and top-level navigation GET requests. This
+ // is sufficient for user tracking, but it will prevent
+ // many CSRF attacks. This is the default value in modern browsers.
+ document.cookie = `${cookieName}=${encodeURIComponent(cookieValue)};expires=${now.toUTCString()};path=/;samesite=lax`;
 }
- // http://www.w3schools.com/js/js_cookies.asp
- function getCookie(cname) {
- var name = cname + "=";
- var decodedCookie = decodeURIComponent(document.cookie);
- var ca = decodedCookie.split(';');
- for(var i = 0; i < ca.length; i++) {
- var c = ca[i];
- while (c.charAt(0) == ' ') {
- c = c.substring(1);
- }
- if (c.indexOf(name) == 0) {
- return c.substring(name.length, c.length);
- }
- }
- return "";
+ // https://developer.mozilla.org/en-US/docs/Web/API/Document/cookie#Example_2_Get_a_sample_cookie_named_test2
+ function getCookie(cookieName) {
+ const cookieAttr = decodeURIComponent(document.cookie)
+ .split(";")
+ .find(row => row.trimStart().startsWith(cookieName))
+ return cookieAttr ? cookieAttr.split("=")[1] : "";
 }
 $("dl").has("dd > pre").each(function() {
From 7badd1ec63d69dfd8136759146bac80c6ec10d23 Mon Sep 17 00:00:00 2001
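Review bot: The new `getCookie` matches rows with `startsWith(cookieName)` and no trailing `=`, so any cookie whose name merely begins with the requested name can be returned, and `cookieAttr.split("=")[1]` discards everything after a second `=` in the value; the removed version compared against `cname + "="` and returned the full remainder. `decodeURIComponent` also still runs over the whole of `document.cookie` before the split on `;`, so an encoded `;` or `=` inside a value shifts the boundaries and a malformed `%` sequence in any unrelated cookie throws before the lookup starts. The result is passed to `JSON.parse(cookieTg)` in the context line at the top of the hunk, so a truncated or foreign value raises inside the `$(function() {` callback, whose body extends beyond this hunk. Matching the exact `name=` prefix on the raw rows and decoding only the selected value, as below, avoids these cases.

```javascript
function getCookie(cookieName) {
  const prefix = `${cookieName}=`;
  const row = document.cookie
    .split(";")
    .map(entry => entry.trimStart())
    .find(entry => entry.startsWith(prefix));
  // Decode only the selected value, so other cookies cannot affect the lookup.
  return row ? decodeURIComponent(row.substring(prefix.length)) : "";
}
```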
From: Marcos Pereira
Date: Thu, 26 Nov 2020 15:37:40 -0500
Subject: [PATCH 2/2] Some small refactoring to use modern JavaScript
---
 themes/generic/src/main/assets/js/groups.js | 22 ++++++++-------------
 1 file changed, 8 insertions(+), 14 deletions(-)
diff --git a/themes/generic/src/main/assets/js/groups.js b/themes/generic/src/main/assets/js/groups.js
index 29296aea..10d102a8 100644
--- a/themes/generic/src/main/assets/js/groups.js
+++ b/themes/generic/src/main/assets/js/groups.js
@@ -122,9 +122,8 @@ $(function() {
 .val(group);
 // Inline snippets:
- for (var i = 0; i < catalog[supergroup].length; i++) {
- var peer = catalog[supergroup][i];
- if (peer == group) {
+ catalog[supergroup].forEach(peer => {
+ if (peer === group) {
 $("." + group).show();
 } else {
 $("." + peer).hide();
@@ -142,9 +141,7 @@ $(function() {
 });
 });
- for (var i = 0; i < groupChangeListeners.length; i++) {
- groupChangeListeners[i](group, supergroup, catalog);
- }
+ groupChangeListeners.forEach(listener => listener(group, supergroup, catalog));
 }
 function switchToTab(dt) {
@@ -156,15 +153,12 @@ $(function() {
 }
 function groupOf(elem) {
- var classAttribute = elem.next("dd").find("pre").attr("class");
+ const classAttribute = elem.next("dd").find("pre").attr("class");
 if (classAttribute) {
- var currentClasses = classAttribute.split(' ');
- var regex = new RegExp("^group-.*");
- for(var i = 0; i < currentClasses.length; i++) {
- if(regex.test(currentClasses[i])) {
- return currentClasses[i];
- }
- }
+ const currentClasses = classAttribute.split(' ');
+ const regex = new RegExp("^group-.*");
+ const matchingClass = currentClasses.find(cc => regex.test(cc));
+ if (matchingClass) return matchingClass;
 }
 // No class found? Then use the tab title
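Review bot: The `catalog[supergroup].forEach(peer => {` opener in the first hunk replaces a `for (...) {` whose closing brace lies below the hunk's last context line, and none of the three hunks changes that brace; their added and removed lines account for all 8 insertions and 14 deletions in the diffstat. If the closer is still a bare `}`, the `forEach(` call is never closed and groups.js fails to parse, which would disable the group switching and the cookie handling in this file. The closing line of that loop should become `});`, and loading a page with this patch applied is a quick way to confirm the script still parses.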