Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-11-22 22:17:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4236 from si458/patch-2

Browse Source 
fix dns relay and samesite lax
This commit is contained in:
Ylian Saint-Hilaire 2022-07-07 10:04:09 -07:00 committed by GitHub
commit d9daad6372
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
webserver.js
View File

@ -5747,9 +5747,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
var sessionOptions = { var sessionOptions = {
name: 'xid', // Recommended security practice to not use the default cookie name name: 'xid', // Recommended security practice to not use the default cookie name
httpOnly: true, httpOnly: true,
domain: (certificates.CommonName != 'un-configured' ? "." + certificates.CommonName : null),
keys: [obj.args.sessionkey], // If multiple instances of this server are behind a load-balancer, this secret must be the same for all instances keys: [obj.args.sessionkey], // If multiple instances of this server are behind a load-balancer, this secret must be the same for all instances
secure: (obj.args.tlsoffload == null), // Use this cookie only over TLS (Check this: https://expressjs.com/en/guide/behind-proxies.html) secure: (obj.args.tlsoffload == null), // Use this cookie only over TLS (Check this: https://expressjs.com/en/guide/behind-proxies.html)
sameSite: obj.args.sessionsamesite sameSite: (obj.args.sessionsamesite ? obj.args.sessionsamesite : 'lax')
} }
if (obj.args.sessiontime != null) { sessionOptions.maxAge = (obj.args.sessiontime * 60 * 1000); } if (obj.args.sessiontime != null) { sessionOptions.maxAge = (obj.args.sessiontime * 60 * 1000); }
obj.app.use(obj.session(sessionOptions)); obj.app.use(obj.session(sessionOptions));