hedgedoc

mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-06-02 16:09:59 -04:00

History

Sheogorath 8406f75bb7 Ensure session cookies are secure While HSTS should take care of most of this, setting cookies to be secure, and only applied on same site helps to improve situations where for whatever reason, downgrade attacks are still a thing. This patch adds the `sameSite` and `secure` to the session cookie and this way prevent all accidents where a browser may doesn't support HSTS or HSTS is intentionally dropped. Reference: https://www.npmjs.com/package/express-session#cookiesecure Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>	2020-07-10 18:40:56 +08:00
..
lib	Ensure session cookies are secure	2020-07-10 18:40:56 +08:00
test	ESLint fixes for tests 🚨	2020-05-22 21:48:15 +02:00

Sheogorath 8406f75bb7 Ensure session cookies are secure

While HSTS should take care of most of this, setting cookies to be
secure, and only applied on same site helps to improve situations where
for whatever reason, downgrade attacks are still a thing.

This patch adds the `sameSite` and `secure` to the session cookie and
this way prevent all accidents where a browser may doesn't support HSTS
or HSTS is intentionally dropped.

Reference:
https://www.npmjs.com/package/express-session#cookiesecure

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>

2020-07-10 18:40:56 +08:00

lib

Ensure session cookies are secure

2020-07-10 18:40:56 +08:00

test

ESLint fixes for tests 🚨

2020-05-22 21:48:15 +02:00