Skip to content

Instantly share code, notes, and snippets.

@vielhuber
Last active March 30, 2020 13:33
Show Gist options
  • Save vielhuber/8b723b3329c080e9245028b4d0a3fc64 to your computer and use it in GitHub Desktop.
Save vielhuber/8b723b3329c080e9245028b4d0a3fc64 to your computer and use it in GitHub Desktop.
cookie block allow whitelist blacklist control #php #js
const whitelist = ['_gid'],
cookieDesc = Object.getOwnPropertyDescriptor(Document.prototype, 'cookie');
if (cookieDesc && cookieDesc.configurable) {
Object.defineProperty(document, 'cookie', {
get: () => {
return cookieDesc.get.call(document);
},
set: val => {
let accept = false;
whitelist.forEach(whitelist__value => {
if (val.indexOf(whitelist__value + '=') === 0) {
accept = true;
}
});
if (accept === true) {
cookieDesc.set.call(document, val);
}
}
});
}
<?php
$whitelist = [
'foo'
];
$cookies = [];
foreach (headers_list() as $headers__value) {
if (strpos($headers__value, 'Set-Cookie: ') === 0) {
$cookies[] = $headers__value;
}
}
if (!empty($cookies)) {
header_remove('Set-Cookie');
foreach ($cookies as $cookies__value) {
$accept = false;
foreach ($whitelist as $whitelist__value) {
if (strpos($cookies__value, 'Set-Cookie: ' . $whitelist__value . '=') === 0) {
$accept = true;
break;
}
}
if ($accept === true) {
header($cookies__value);
}
}
}
if (!empty($_COOKIE)) {
foreach ($_COOKIE as $cookies__key => $cookies__value) {
if (!in_array($cookies__key, $whitelist)) {
unset($_COOKIE[$cookies__key]);
setcookie($cookies__key, '', time() - 3600, '/');
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment