fix: transmit cookies securely

2024-07-20 18:21:17 +02:00
parent ea2d6d8f48
commit d4f1e74f30
2 changed files with 7 additions and 2 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,2 +1,3 @@
 DATABASE_URL=postgresql://postgres:postgres@localhost:5432/postgres
-SECRET=
+SECRET=
+ENVIRONMENT=
--- a/src/server/server.ts
+++ b/src/server/server.ts
@@ -27,7 +27,11 @@ server.set('trust proxy', 1);
 server.use(
  session({
    secret: process.env.SECRET,
-    name: 'sessionId'
+    name: 'sessionId',
+    cookie: {
+      secure: process.env.ENVIRONMENT !== 'dev',
+      httpOnly: true
+    }
  })
 );
 server.use(limiter);