Add config option for cookie SameSite policy

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-27 02:04:49 +02:00
parent 23d54b8b4b
commit 824f910bfe
13 changed files with 41 additions and 25 deletions
--- a/app.js
+++ b/app.js
@@ -147,7 +147,7 @@ app.use(session({
  rolling: true, // reset maxAge on every response
  cookie: {
    maxAge: config.sessionLife,
-    sameSite: 'lax',
+    sameSite: config.cookiePolicy, // be careful: setting a SameSite value of none without https breaks the editor
    secure: config.useSSL || config.protocolUseSSL || false
  },
  store: sessionStore