From 37a690a4c38f76060beb1f898a40c0841c16b8f2 Mon Sep 17 00:00:00 2001
From: ed <s@ocv.me>
Date: Sun, 29 Jan 2023 18:34:48 +0000
Subject: [PATCH] fix cookie + rproxy oversights

---
 copyparty/httpcli.py  | 22 ++++++++++------------
 copyparty/util.py     |  2 +-
 copyparty/web/util.js |  4 +++-
 3 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/copyparty/httpcli.py b/copyparty/httpcli.py
index cee25d12..84214b87 100644
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@@ -605,12 +605,12 @@ class HttpCli(object):
         if self.is_rclone:
             return ""
 
-        cmap = {"pw": "cppwd"}
-        kv = {
-            k: zs
-            for k, zs in self.uparam.items()
-            if k not in rm and self.cookies.get(cmap.get(k, k)) != zs
-        }
+        kv = {k: zs for k, zs in self.uparam.items() if k not in rm}
+        if "pw" in kv:
+            pw = self.cookies.get("cppws") or self.cookies.get("cppwd")
+            if kv["pw"] == pw:
+                del kv["pw"]
+
         kv.update(add)
         if not kv:
             return ""
@@ -1909,9 +1909,7 @@ class HttpCli(object):
         self.parser.drop()
 
         self.out_headerlist = [
-            x
-            for x in self.out_headerlist
-            if x[0] != "Set-Cookie" or "cppwd" != x[1][:5]
+            x for x in self.out_headerlist if x[0] != "Set-Cookie" or "cppw" != x[1][:4]
         ]
 
         dst = self.args.SRS
@@ -1943,12 +1941,12 @@ class HttpCli(object):
         if pwd == "x":
             # reset both plaintext and tls
             # (only affects active tls cookies when tls)
-            for k in ("cppwd", "cppws") if self.tls else ("cppwd",):
+            for k in ("cppwd", "cppws") if self.is_https else ("cppwd",):
                 ck = gencookie(k, pwd, self.args.R, False, dur)
                 self.out_headerlist.append(("Set-Cookie", ck))
         else:
-            k = "cppws" if self.tls else "cppwd"
-            ck = gencookie(k, pwd, self.args.R, self.tls, dur)
+            k = "cppws" if self.is_https else "cppwd"
+            ck = gencookie(k, pwd, self.args.R, self.is_https, dur)
             self.out_headerlist.append(("Set-Cookie", ck))
 
         return msg
diff --git a/copyparty/util.py b/copyparty/util.py
index 8cf0110c..c8e001a5 100644
--- a/copyparty/util.py
+++ b/copyparty/util.py
@@ -1562,7 +1562,7 @@ def gencookie(k: str, v: str, r: str, tls: bool, dur: Optional[int]) -> str:
     else:
         exp = "Fri, 15 Aug 1997 01:00:00 GMT"
 
-    return "{}={}; Path=/{}; Expires={}; HttpOnly{}; SameSite=Lax".format(
+    return "{}={}; Path=/{}; Expires={}{}; SameSite=Lax".format(
         k, v, r, exp, "; Secure" if tls else ""
     )
 
diff --git a/copyparty/web/util.js b/copyparty/web/util.js
index ef87a1d9..2f525c5a 100644
--- a/copyparty/web/util.js
+++ b/copyparty/web/util.js
@@ -692,7 +692,9 @@ function noq_href(el) {
 
 
 function get_pwd() {
-    var pwd = ('; ' + document.cookie).split('; cppwd=');
+    var k = HTTPS ? 's=' : 'd=',
+        pwd = ('; ' + document.cookie).split('; cppw' + k);
+
     if (pwd.length < 2)
         return null;