From 2f57c6c54bceb7d1be061d6f37b501dd6a58eaa4 Mon Sep 17 00:00:00 2001
From: Osmium Sorcerer <os@sof.beauty>
Date: Tue, 7 Apr 2026 02:55:26 +0000
Subject: Replace cookies with localStorage

Cookies's use case is to store persistent data and send it to the server
in subsequent requests, such as to remember logged-in sessions. WebAO is
using them to store site settings like ad-hoc hash tables that require
parsing and serialization.

As a nasty side-effect of how cookies work, clients send all their
settings every time they connect to the server. Server has absolutely no
use for them, but each client sends them anyway, which is an
uncalled-for privacy leak.

Remove this mechanism entirely, switch to localStorage which serves
exactly the purpose of per-origin store with data that never leaves the
browser.
---
 webAO/utils/getCookie.ts | 26 --------------------------
 webAO/utils/setCookie.ts | 12 ------------
 2 files changed, 38 deletions(-)
 delete mode 100644 webAO/utils/getCookie.ts
 delete mode 100644 webAO/utils/setCookie.ts

(limited to 'webAO/utils')

diff --git a/webAO/utils/getCookie.ts b/webAO/utils/getCookie.ts
deleted file mode 100644
index 73736885..00000000
--- a/webAO/utils/getCookie.ts
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * read a cookie from storage
- * got this from w3schools
- * https://www.w3schools.com/js/js_cookies.asp
- * @param {string} cname The name of the cookie to return
- */
-const getCookie = (cname: string) => {
-  try {
-    const name = `${cname}=`;
-    const decodedCookie = decodeURIComponent(document.cookie);
-    const ca = decodedCookie.split(";");
-    for (let i = 0; i < ca.length; i++) {
-      let c = ca[i];
-      while (c.charAt(0) === " ") {
-        c = c.substring(1);
-      }
-      if (c.indexOf(name) === 0) {
-        return c.substring(name.length, c.length);
-      }
-    }
-    return "";
-  } catch (error) {
-    return "";
-  }
-};
-export default getCookie;
diff --git a/webAO/utils/setCookie.ts b/webAO/utils/setCookie.ts
deleted file mode 100644
index 421fe81f..00000000
--- a/webAO/utils/setCookie.ts
+++ /dev/null
@@ -1,12 +0,0 @@
-/* eslint @typescript-eslint/no-explicit-any: "off" */
-
-/**
- * set a cookie
- * the version from w3schools expects these to expire
- * @param {string} cname The name of the cookie to return
- * @param {any} value The value of that cookie option
- */
-const setCookie = (cname: string, value: any) => {
-  document.cookie = `${cname}=${value};SameSite=Strict`;
-};
-export default setCookie;
-- 
cgit