author | Erik Michelson | 2020-08-27 02:04:49 +0200 |
---|---|---|
committer | Erik Michelson | 2020-08-27 02:04:49 +0200 |
commit | 824f910bfe39b8d789ca3edcfca44b66f603a81c (patch) | |
tree | 4038ca3553f9487eb1c476fa1d7b54355bd341b7 /app.js | |
parent | 23d54b8b4b3a9587220c9211d2a92c22609a4de8 (diff) |
Add config option for cookie SameSite policy
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Diffstat (limited to '')
-rw-r--r-- | app.js | 2 | ||||
-rw-r--r-- | app.json | 4 |
2 files changed, 5 insertions, 1 deletions
@@ -147,7 +147,7 @@ app.use(session({
 rolling: true, // reset maxAge on every response
 cookie: {
 maxAge: config.sessionLife,
- sameSite: 'lax',
+ sameSite: config.cookiePolicy, // be careful: setting a SameSite value of none without https breaks the editor
 secure: config.useSSL || config.protocolUseSSL || false
 },
 store: sessionStore
@@ -56,6 +56,10 @@
 "description": "set to use ssl protocol for resources path (only applied when domain is set)",
 "required": false
 },
+ "CMD_COOKIE_POLICY": {
+ "description": "Set whether cookies should be sent cross-origin (SameSite value)",
+ "required": false
+ },
 "CMD_URL_ADDPORT": {
 "description": "set to add port on callback url (port 80 or 443 won't applied) (only applied when domain is set)",
 "required": false |
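Review bot: In the first hunk (app.js), `sameSite: config.cookiePolicy` hands the configured value to the session cookie with no fallback or validation visible in this diff, so an unset option would replace the previous fixed `'lax'` with no SameSite attribute at all, and an unrecognised string is passed through unchecked. Keeping the old value as the fallback, `sameSite: config.cookiePolicy || 'lax',`, would preserve the earlier behaviour, and the value could additionally be checked against strict, lax and none when the config is loaded. The new comment warns that `none` without HTTPS breaks the editor, but nothing enforces it: `secure` on the next line can still be `false`, and browsers reject `SameSite=None` cookies that lack `Secure`, so a startup check that refuses or logs that combination would be worth adding. The comment could also say that `none` gives up the cross-site request protection that `lax` gave the session cookie. The `app.use(session({` call begins and ends outside the hunk, and a default for `cookiePolicy` may exist in a config file that is not part of this diff.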
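Review bot: The description added for `CMD_COOKIE_POLICY` in the second hunk (app.json) names neither the accepted values nor the HTTPS requirement that the app.js comment mentions, so someone deploying from this manifest cannot tell that `none` needs HTTPS and lets cross-site requests carry the session cookie. A wording such as `"description": "SameSite value for the session cookie (strict, lax or none; none requires HTTPS and allows cross-site requests to carry the session)"` would cover that. The diff as shown also contains no mapping from this environment variable to `config.cookiePolicy`; if that mapping is not already handled elsewhere, the variable would have no effect.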