summaryrefslogtreecommitdiff
path: root/lib/migrations/20200321153000-fix-account-deletion.js
diff options
context:
space:
mode:
authorSheogorath2020-06-08 15:11:17 +0200
committerSheogorath2020-06-08 16:09:49 +0200
commit383d791a50919bb9890a3f3f797ecc95125ab8bf (patch)
treedc0f3696daafa1e3d45834adf4507270a0bea90f /lib/migrations/20200321153000-fix-account-deletion.js
parent49de5f5bd6239354d98b424804951974588ab25e (diff)
Ensure session cookies are secure
While HSTS should take care of most of this, setting cookies to be secure, and only applied on same site helps to improve situations where for whatever reason, downgrade attacks are still a thing. This patch adds the `sameSite` and `secure` to the session cookie and this way prevent all accidents where a browser may doesn't support HSTS or HSTS is intentionally dropped. Reference: https://www.npmjs.com/package/express-session#cookiesecure Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to 'lib/migrations/20200321153000-fix-account-deletion.js')
0 files changed, 0 insertions, 0 deletions