From e72614296c64f2f0f924b550a3b747eb2ee01bd3 Mon Sep 17 00:00:00 2001 From: Simon Smith Date: Thu, 7 Jul 2022 14:57:48 +0100 Subject: [PATCH] fix dns relay and samesite lax --- webserver.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/webserver.js b/webserver.js index 776e27d2..88a26c42 100644 --- a/webserver.js +++ b/webserver.js @@ -5747,9 +5747,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF var sessionOptions = { name: 'xid', // Recommended security practice to not use the default cookie name httpOnly: true, + domain: (certificates.CommonName != 'un-configured' ? "." + certificates.CommonName : null), keys: [obj.args.sessionkey], // If multiple instances of this server are behind a load-balancer, this secret must be the same for all instances secure: (obj.args.tlsoffload == null), // Use this cookie only over TLS (Check this: https://expressjs.com/en/guide/behind-proxies.html) - sameSite: obj.args.sessionsamesite + sameSite: (obj.args.sessionsamesite ? obj.args.sessionsamesite : 'lax') } if (obj.args.sessiontime != null) { sessionOptions.maxAge = (obj.args.sessiontime * 60 * 1000); } obj.app.use(obj.session(sessionOptions));