sa6anw/hedgedoc-hedgeagent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add config option for cookie SameSite policy

Browse Source 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson
2020-08-27 02:04:49 +02:00
parent 23d54b8b4b
commit 824f910bfe
13 changed files with 41 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/config/default.js
View File

@@ -27,6 +27,7 @@ module.exports = {
upgradeInsecureRequests: 'auto',
reportURI: undefined
},
cookiePolicy: 'strict',
protocolUseSSL: false,
useCDN: false,
allowAnonymous: true,

1
lib/config/environment.js
View File

@@ -22,6 +22,7 @@ module.exports = {
enable: toBooleanConfig(process.env.CMD_CSP_ENABLE),
reportURI: process.env.CMD_CSP_REPORTURI
},
cookiePolicy: process.env.CMD_COOKIE_POLICY,
protocolUseSSL: toBooleanConfig(process.env.CMD_PROTOCOL_USESSL),
allowOrigin: toArrayConfig(process.env.CMD_ALLOW_ORIGIN),
useCDN: toBooleanConfig(process.env.CMD_USECDN),

5
lib/config/index.js
View File

@@ -51,6 +51,11 @@ if (['debug', 'verbose', 'info', 'warn', 'error'].includes(config.loglevel)) {
logger.error('Selected loglevel %s doesn\'t exist, using default level \'debug\'. Available options: debug, verbose, info, warn, error', config.loglevel)
}
if (!['strict', 'lax', 'none'].includes(config.cookiePolicy)) {
logger.error('Cookie SameSite policy %s does not exist. Falling back to strict. Available values are: strict, lax, none.', config.cookiePolicy)
config.cookiePolicy = 'strict'
}
// load LDAP CA
if (config.ldap.tlsca) {
let ca = config.ldap.tlsca.split(',')