fix: set cookie same-site to lax in production

Nicolas Meienberger 2022-09-07 18:22:50 +02:00
parent 8ed04f07f4
commit 26ba5c9656


@ -6,10 +6,12 @@ import { COOKIE_MAX_AGE, __prod__ } from '../../config/constants/constants';
const getSessionMiddleware = () => {
const FileStore = SessionFileStore(session);
const sameSite = __prod__ ? 'lax' : 'none';
return session({
name: 'qid',
store: new FileStore(),
cookie: { maxAge: COOKIE_MAX_AGE, secure: false, sameSite: 'none', httpOnly: true },
cookie: { maxAge: COOKIE_MAX_AGE, secure: false, sameSite, httpOnly: true },
secret: config.JWT_SECRET,
resave: false,
saveUninitialized: false,