fix(theme): preview cookies settings

- check user before setting cookie - set secure when served from https
PRX · Mar 15, 2024 · 3efb92f · 3efb92f
1 parent 5b0693c
commit 3efb92f
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/wp-content/themes/the-world/functions.php b/wp-content/themes/the-world/functions.php
@@ -106,12 +106,13 @@ function tw_preview_post_link( $preview_link, $post ) {
 	function tw_init_set_auth_cookie() {
 		$auth       = new WPGraphQL\JWT_Authentication\Auth();
 		$secret_key = $auth->get_secret_key();
+		$user       = wp_get_current_user();
 
-		if ( $secret_key && ! isset( $_COOKIE['STYXKEY-can_preview'] ) ) {
+		if ( $user && $secret_key && ! isset( $_COOKIE['STYXKEY-can_preview'] ) ) {
 			$hostname = wp_parse_url( get_site_url(), PHP_URL_HOST );
 			// NOTE: Regex assumes front-end domains will use single segment TLD's.
 			$domain = trim( preg_replace( '~.*?\.?((?:\.?[\w_-]+){2})$~', '$1', $hostname ), '.' );
-			$token  = $auth->get_refresh_token( wp_get_current_user() );
+			$token  = $auth->get_refresh_token( $user );
 
 			setcookie(
 				'STYXKEY-can_preview',
@@ -121,6 +122,7 @@ function tw_init_set_auth_cookie() {
 					'path'     => '/',
 					'domain'   => $domain,
 					'httponly' => true,
+					'secure'   => isset( $_SERVER['HTTPS'] ),
 				)
 			);
 		}