Add config option for cookie SameSite policy

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
author: Erik Michelson 2020-08-27 02:04:49 +0200
committer: Erik Michelson 2020-08-27 02:04:49 +0200
commit: 824f910bfe39b8d789ca3edcfca44b66f603a81c (patch)
tree: 4038ca3553f9487eb1c476fa1d7b54355bd341b7 /app.js
parent: 23d54b8b4b3a9587220c9211d2a92c22609a4de8 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app.js b/app.js
index d102e816..236c77b9 100644
--- a/app.js
+++ b/app.js
@@ -147,7 +147,7 @@ app.use(session({
   rolling: true, // reset maxAge on every response
   cookie: {
     maxAge: config.sessionLife,
-    sameSite: 'lax',
+    sameSite: config.cookiePolicy, // be careful: setting a SameSite value of none without https breaks the editor
     secure: config.useSSL || config.protocolUseSSL || false
   },
   store: sessionStore
author	Erik Michelson	2020-08-27 02:04:49 +0200
committer	Erik Michelson	2020-08-27 02:04:49 +0200
commit	824f910bfe39b8d789ca3edcfca44b66f603a81c (patch)
tree	4038ca3553f9487eb1c476fa1d7b54355bd341b7 /app.js
parent	23d54b8b4b3a9587220c9211d2a92c22609a4de8 (diff)