mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-09 13:51:57 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Set all cookies with sameSite: strict

Browse source 
Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Signed-off-by: David Mehren <dmehren1@gmail.com>
This commit is contained in:
David Mehren 2020-06-08 15:27:31 +02:00
parent 49de5f5bd6
commit e77e7b165a
No known key found for this signature in database
GPG key ID: 6017AF117F9756CB
5 changed files with 26 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

3
app.js
View file

@ -139,7 +139,8 @@ app.use(session({
saveUninitialized: true, // always create session to ensure the origin
rolling: true, // reset maxAge on every response
cookie: {
maxAge: config.sessionLife
maxAge: config.sessionLife,
sameSite: 'strict'
},
store: sessionStore
}))