mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-15 07:34:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add config option for cookie SameSite policy

Browse source 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson 2020-08-27 02:04:49 +02:00
parent 23d54b8b4b
commit 824f910bfe
No known key found for this signature in database
GPG key ID: DB99ADDDC5C0AF82
13 changed files with 41 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

1
lib/config/default.js
View file

@ -27,6 +27,7 @@ module.exports = {
upgradeInsecureRequests: 'auto',
reportURI: undefined
},
cookiePolicy: 'strict',
protocolUseSSL: false,
useCDN: false,
allowAnonymous: true,

1
lib/config/environment.js
View file

@ -22,6 +22,7 @@ module.exports = {
enable: toBooleanConfig(process.env.CMD_CSP_ENABLE),
reportURI: process.env.CMD_CSP_REPORTURI
},
cookiePolicy: process.env.CMD_COOKIE_POLICY,
protocolUseSSL: toBooleanConfig(process.env.CMD_PROTOCOL_USESSL),
allowOrigin: toArrayConfig(process.env.CMD_ALLOW_ORIGIN),
useCDN: toBooleanConfig(process.env.CMD_USECDN),

5
lib/config/index.js
View file

@ -51,6 +51,11 @@ if (['debug', 'verbose', 'info', 'warn', 'error'].includes(config.loglevel)) {
logger.error('Selected loglevel %s doesn\'t exist, using default level \'debug\'. Available options: debug, verbose, info, warn, error', config.loglevel)
}
if (!['strict', 'lax', 'none'].includes(config.cookiePolicy)) {
logger.error('Cookie SameSite policy %s does not exist. Falling back to strict. Available values are: strict, lax, none.', config.cookiePolicy)
config.cookiePolicy = 'strict'
}
// load LDAP CA
if (config.ldap.tlsca) {
let ca = config.ldap.tlsca.split(',')