fix(striker-ui-api): set session cookie options

* Set 'secure' to false because we don't have a certificate yet
* Set 'httpOnly' so the cookie is not exposed to scripts through 'document.cookie'
main
Tsu-ba-me 2 years ago
parent 2eb5b8a094
commit dc765b3719
  1. 6
      striker-ui-api/src/session.ts

@ -182,7 +182,11 @@ export class SessionStore extends BaseSessionStore {
export default (async () => export default (async () =>
expressSession({ expressSession({
cookie: { maxAge: DEFAULT_COOKIE_ORIGINAL_MAX_AGE }, cookie: {
httpOnly: true,
maxAge: DEFAULT_COOKIE_ORIGINAL_MAX_AGE,
secure: false,
},
genid: ({ path }) => { genid: ({ path }) => {
const sid = uuid(); const sid = uuid();
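Review bot: `secure: false` is hard-coded in the new `cookie` options, so the session cookie will keep being sent over plain HTTP even after a certificate is installed, and until then the session ID is readable by anyone on the network path. express-session accepts `secure: 'auto'`, which sets the flag whenever the request arrived over TLS; if that is not wanted yet, a comment such as `// TODO: set secure to true once TLS is available` beside the option would keep the temporary setting from becoming permanent. The options also leave `sameSite` unset, so adding `sameSite: 'strict'` (or `'lax'`) here would limit cross-site sending of the cookie. The `expressSession({ ... })` call continues outside the hunk, so options set below `genid` are not visible here.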
