Merge pull request #486 from codimd/feature/cookie-policy

author: David Mehren 2020-09-25 22:39:30 +0200
committer: GitHub 2020-09-25 22:39:30 +0200
commit: 3461993ee05d09106e276e606b143d472908b166 (patch)
tree: c17c788b6f39f3ae91e249f48cc653b3d13b6c0b /app.js
parent: f862b7a1e44c1101a921f19bca4d8d8063eb25ce (diff)
parent: 4ece86f0efa1f8f3e4dab0abf810800a045ce632 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app.js b/app.js
index d102e816..236c77b9 100644
--- a/app.js
+++ b/app.js
@@ -147,7 +147,7 @@ app.use(session({
   rolling: true, // reset maxAge on every response
   cookie: {
     maxAge: config.sessionLife,
-    sameSite: 'lax',
+    sameSite: config.cookiePolicy, // be careful: setting a SameSite value of none without https breaks the editor
     secure: config.useSSL || config.protocolUseSSL || false
   },
   store: sessionStore
author	David Mehren	2020-09-25 22:39:30 +0200
committer	GitHub	2020-09-25 22:39:30 +0200
commit	3461993ee05d09106e276e606b143d472908b166 (patch)
tree	c17c788b6f39f3ae91e249f48cc653b3d13b6c0b /app.js
parent	f862b7a1e44c1101a921f19bca4d8d8063eb25ce (diff)
parent	4ece86f0efa1f8f3e4dab0abf810800a045ce632 (diff)