We use cookies to ensure you get the best experience on our website
Inicio Explorar Axuda
Rexistro Iniciar sesión
0ct0pu5
/
runtipi
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

fix: set cookie same-site to lax in production

Nicolas Meienberger %!s(int64=2) %!d(string=hai) anos
pai
8ed04f07f4
achega
26ba5c9656
Modificáronse 1 ficheiros con 3 adicións e 1 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 3 1
      packages/system-api/src/core/middlewares/sessionMiddleware.ts

+ 3 - 1
packages/system-api/src/core/middlewares/sessionMiddleware.ts
Ver ficheiro 

@@ -6,10 +6,12 @@ import { COOKIE_MAX_AGE, __prod__ } from '../../config/constants/constants';
 
 const getSessionMiddleware = () => {
 
   const FileStore = SessionFileStore(session);
 
 
+  const sameSite = __prod__ ? 'lax' : 'none';
 
+
 
   return session({
 
     name: 'qid',
 
     store: new FileStore(),
 
-    cookie: { maxAge: COOKIE_MAX_AGE, secure: false, sameSite: 'none', httpOnly: true },
 
+    cookie: { maxAge: COOKIE_MAX_AGE, secure: false, sameSite, httpOnly: true },
 
     secret: config.JWT_SECRET,
 
     resave: false,
 
     saveUninitialized: false,

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5