From d4f1e74f30610eedc3e6218809afbeb003523130 Mon Sep 17 00:00:00 2001
From: Riccardo
Date: Sat, 20 Jul 2024 18:21:17 +0200
Subject: [PATCH] fix: transmit cookies securely
---
 .env.example | 3 ++-
 src/server/server.ts | 6 +++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/.env.example b/.env.example
index e99ee0f..ffa98dd 100644
--- a/.env.example
+++ b/.env.example
@@ -1,2 +1,3 @@
 DATABASE_URL=postgresql://postgres:postgres@localhost:5432/postgres
-SECRET=
\ No newline at end of file
+SECRET=
+ENVIRONMENT=
\ No newline at end of file
diff --git a/src/server/server.ts b/src/server/server.ts
index 0fa76d1..7b1c6ec 100644
--- a/src/server/server.ts
+++ b/src/server/server.ts
@@ -27,7 +27,11 @@ server.set('trust proxy', 1);
 server.use(
 session({
 secret: process.env.SECRET,
- name: 'sessionId'
+ name: 'sessionId',
+ cookie: {
+ secure: process.env.ENVIRONMENT !== 'dev',
+ httpOnly: true
+ }
 })
 );
 server.use(limiter);
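Review bot: The new `cookie` block in `src/server/server.ts` sets `secure` and `httpOnly` but leaves `sameSite` unset, so whether the session cookie accompanies cross-site requests depends on each browser's default; adding `sameSite: 'lax'` next to `httpOnly: true` (or `'strict'` if nothing needs the session on cross-site navigation) would pin that down. Whether a separate CSRF defence exists cannot be seen from this hunk, so treat this as defence in depth rather than a confirmed hole. The `secure` expression fails closed, which is the right default: any `ENVIRONMENT` value other than the exact string `dev`, including unset or `development`, marks the cookie Secure, and a local plain-HTTP run then gets no session cookie at all. A comment above the new `ENVIRONMENT=` line in `.env.example`, for example `# "dev" disables the Secure cookie flag for local HTTP; leave unset in production`, would make that behaviour discoverable. The Secure cookie also relies on the `trust proxy` value of 1 shown in the hunk header matching the real number of proxy hops in front of the app.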