From 7ebf95c743337b7571d3c806e5b0b469bef1b3a7 Mon Sep 17 00:00:00 2001
From: Oleksandr Shulgin
Date: Wed, 26 May 2021 15:54:54 +0200
Subject: [PATCH 1/2] Set secure flag for the session cookie Internal ticket #728
---
 server/config.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/config.js b/server/config.js
index f9fd24e..7fd7333 100644
--- a/server/config.js
+++ b/server/config.js
@@ -71,7 +71,7 @@ exports = module.exports = function createConfiguration(env) {
 //maxAge: 60000, // duration of the cookie in milliseconds, defaults to duration above (cannot be used if 'ephemeral: true')
 ephemeral: true, // when true, cookie expires when the browser closes (cannot be used with 'maxAge')
 httpOnly: true, // when true, cookie is not accessible from javascript
- secure: false // when true, cookie will only be sent over SSL. use key 'secureProxy' instead if you handle SSL not in your node process
+ secureProxy: true // we want our session cookie to be secure and we assert that SSL is handled externally (in our case with skipper)
 }
 },

From 1714ccef29262291006e7230c01c8e4981f7ad3b Mon Sep 17 00:00:00 2001
From: Oleksandr Shulgin
Date: Wed, 26 May 2021 16:00:31 +0200
Subject: [PATCH 2/2] fix that test
---
 tests/unit/config.spec.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/unit/config.spec.js b/tests/unit/config.spec.js
index aa6ed09..aada548 100644
--- a/tests/unit/config.spec.js
+++ b/tests/unit/config.spec.js
@@ -105,7 +105,7 @@ describe('Config', function() {
 path: '/',
 ephemeral: true,
 httpOnly: true,
- secure: false
+ secureProxy: true
 }
 },
 credentialsDir: 'deploy/OAUTH'
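Review bot: In server/config.js the new `secureProxy: true` is hard-coded for every environment, and its comment no longer says what happens when the proxy is absent. As the comment itself states, the process only asserts that TLS is handled externally, so wherever the app is reached over plain HTTP (presumably local runs without skipper) the browser will not send the session cookie back and sessions will fail without any error. `createConfiguration(env)` already receives `env`, so the value could follow the deployment; at minimum I would extend the comment to `// Secure is always set; TLS must be terminated upstream (skipper), and over plain HTTP the browser will not return this cookie`. The enclosing function starts and ends outside the hunk, and the expectation in tests/unit/config.spec.js pins the same literal.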