Harden auth cookies

Maksim Karasev 2023-01-20 20:39:15 +03:00
parent 69545efa8e
commit 928ade376b
1 changed files with 3 additions and 3 deletions


@ -15,7 +15,7 @@ loginRouter.post('/', async (req, res) => {
res.cookie('personal-gallery_auth', result, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax',
sameSite: 'strict',
expires: new Date(new Date().setFullYear(new Date().getFullYear() + 3)),
});
res.status(200).json({ status: 'success' });
@ -40,7 +40,7 @@ loginRouter.post('/register', async (req, res) => {
res.cookie('personal-gallery_auth', result, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production' && req.protocol === 'https',
sameSite: 'lax',
sameSite: 'strict',
expires: new Date(new Date().setFullYear(new Date().getFullYear() + 3)),
});
res.status(200).json({ status: 'success' });
@ -54,7 +54,7 @@ loginRouter.post('/logout', async (req, res) => {
res.cookie('personal-gallery_auth', '', {
httpOnly: true,
secure: process.env.NODE_ENV === 'production' && req.protocol === 'https',
sameSite: 'lax',
sameSite: 'strict',
expires: new Date(0),
});
res.set('Clear-Site-Data', '"cache", "cookies", "storage"');
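Review bot: The `secure` attribute is still derived differently across the three handlers — the login cookie uses `process.env.NODE_ENV === 'production'` alone, while the register and logout cookies add `&& req.protocol === 'https'` — and that extra conjunct removes Secure exactly when a production request arrives over plain HTTP, or through a TLS-terminating reverse proxy when Express's `trust proxy` setting is not enabled (then `req.protocol` reports `http`), so the newly strict cookie can still be issued and replayed in clear. I would make all three sites `secure: process.env.NODE_ENV === 'production',` and enforce HTTPS at the app or proxy layer rather than per-cookie; with Secure always set in production the cookie could additionally carry the `__Host-` prefix, assuming no `domain` attribute is set elsewhere. One caveat worth a comment next to `sameSite: 'strict'`: a user following an external link into the site will not send this cookie on that first top-level navigation, so deep links appear logged out until an in-site navigation occurs — `// strict: cookie is omitted on cross-site top-level navigations (external deep links land logged out)`. The arrow handlers enclosing each hunk begin and end outside the shown lines.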