diff options
author | David Mehren | 2020-09-25 22:39:30 +0200 |
---|---|---|
committer | GitHub | 2020-09-25 22:39:30 +0200 |
commit | 3461993ee05d09106e276e606b143d472908b166 (patch) | |
tree | c17c788b6f39f3ae91e249f48cc653b3d13b6c0b /lib | |
parent | f862b7a1e44c1101a921f19bca4d8d8063eb25ce (diff) | |
parent | 4ece86f0efa1f8f3e4dab0abf810800a045ce632 (diff) |
Merge pull request #486 from codimd/feature/cookie-policy
Diffstat (limited to '')
-rw-r--r-- | lib/config/default.js | 1 | ||||
-rw-r--r-- | lib/config/environment.js | 1 | ||||
-rw-r--r-- | lib/config/index.js | 5 | ||||
-rw-r--r-- | lib/web/statusRouter.js | 3 |
4 files changed, 9 insertions, 1 deletions
diff --git a/lib/config/default.js b/lib/config/default.js index 9284882a..38bb164b 100644 --- a/lib/config/default.js +++ b/lib/config/default.js @@ -27,6 +27,7 @@ module.exports = { upgradeInsecureRequests: 'auto', reportURI: undefined }, + cookiePolicy: 'lax', protocolUseSSL: false, useCDN: false, allowAnonymous: true, diff --git a/lib/config/environment.js b/lib/config/environment.js index 2d76286f..cf9fb5a1 100644 --- a/lib/config/environment.js +++ b/lib/config/environment.js @@ -22,6 +22,7 @@ module.exports = { enable: toBooleanConfig(process.env.CMD_CSP_ENABLE), reportURI: process.env.CMD_CSP_REPORTURI }, + cookiePolicy: process.env.CMD_COOKIE_POLICY, protocolUseSSL: toBooleanConfig(process.env.CMD_PROTOCOL_USESSL), allowOrigin: toArrayConfig(process.env.CMD_ALLOW_ORIGIN), useCDN: toBooleanConfig(process.env.CMD_USECDN), diff --git a/lib/config/index.js b/lib/config/index.js index ee4817b3..b5461a8d 100644 --- a/lib/config/index.js +++ b/lib/config/index.js @@ -51,6 +51,11 @@ if (['debug', 'verbose', 'info', 'warn', 'error'].includes(config.loglevel)) { logger.error('Selected loglevel %s doesn\'t exist, using default level \'debug\'. Available options: debug, verbose, info, warn, error', config.loglevel) } +if (!['strict', 'lax', 'none'].includes(config.cookiePolicy)) { + logger.error('Cookie SameSite policy %s does not exist. Falling back to lax. Available values are: strict, lax, none.', config.cookiePolicy) + config.cookiePolicy = 'lax' +} + // load LDAP CA if (config.ldap.tlsca) { let ca = config.ldap.tlsca.split(',') diff --git a/lib/web/statusRouter.js b/lib/web/statusRouter.js index 025aafd4..febe2df3 100644 --- a/lib/web/statusRouter.js +++ b/lib/web/statusRouter.js @@ -97,7 +97,8 @@ statusRouter.get('/config', function (req, res) { version: config.fullversion, DROPBOX_APP_KEY: config.dropbox.appKey, allowedUploadMimeTypes: config.allowedUploadMimeTypes, - linkifyHeaderStyle: config.linkifyHeaderStyle + linkifyHeaderStyle: config.linkifyHeaderStyle, + cookiePolicy: config.cookiePolicy } res.set({ 'Cache-Control': 'private', // only cache by client |