author | David Mehren | 2020-09-25 22:39:30 +0200 |
---|---|---|
committer | GitHub | 2020-09-25 22:39:30 +0200 |
commit | 3461993ee05d09106e276e606b143d472908b166 (patch) | |
tree | c17c788b6f39f3ae91e249f48cc653b3d13b6c0b /app.js | |
parent | f862b7a1e44c1101a921f19bca4d8d8063eb25ce (diff) | |
parent | 4ece86f0efa1f8f3e4dab0abf810800a045ce632 (diff) |
Merge pull request #486 from codimd/feature/cookie-policy
Diffstat (limited to '')
-rw-r--r-- | app.js | 2 | ||||
-rw-r--r-- | app.json | 4 |
2 files changed, 5 insertions, 1 deletions
@@ -147,7 +147,7 @@ app.use(session({
 rolling: true, // reset maxAge on every response
 cookie: {
 maxAge: config.sessionLife,
- sameSite: 'lax',
+ sameSite: config.cookiePolicy, // be careful: setting a SameSite value of none without https breaks the editor
 secure: config.useSSL || config.protocolUseSSL || false
 },
 store: sessionStore
@@ -56,6 +56,10 @@
 "description": "set to use ssl protocol for resources path (only applied when domain is set)",
 "required": false
 },
+ "CMD_COOKIE_POLICY": {
+ "description": "Set whether cookies should be sent cross-origin (SameSite value)",
+ "required": false
+ },
 "CMD_URL_ADDPORT": {
 "description": "set to add port on callback url (port 80 or 443 won't applied) (only applied when domain is set)",
 "required": false |
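Review bot: `sameSite: config.cookiePolicy` hands the configured value to the session cookie with no check at this point, and neither hunk shows where its default or allowed values are defined, so an unset or mistyped setting may lose the explicit `lax` that the removed line guaranteed. Consider constraining it here or in the config loader, for example `sameSite: ['lax', 'strict', 'none'].includes(config.cookiePolicy) ? config.cookiePolicy : 'lax',`. The inline comment mentions that `none` without HTTPS breaks the editor, but `secure` on the next line is derived from `config.useSSL || config.protocolUseSSL`, so a startup warning when the policy is `none` and that expression is false would surface the misconfiguration before users hit it. The comment could also say that `none` gives up the SameSite mitigation against cross-site requests carrying the session cookie. The `session({...})` call begins and ends outside the hunk.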
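Review bot: The new `CMD_COOKIE_POLICY` description does not name the accepted values, so an operator filling in the deploy form cannot tell what to enter or what the risky choice is. Consider `"description": "SameSite value for the session cookie: lax, strict or none (none requires HTTPS and lets cross-site requests carry the session)"`. If the config loader defines a default, stating it here would help as well; that default is not visible in this diff.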