Fix: trust proxy for cookies behind nginx, sameSite=lax for OAuth
+6
-1
@@ -45,6 +45,11 @@ async function connectDB() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Middleware
|
// Middleware
|
||||||
|
// Trust proxy in production (needed for secure cookies behind nginx)
|
||||||
|
if (isProduction) {
|
||||||
|
app.set("trust proxy", 1);
|
||||||
|
}
|
||||||
|
|
||||||
app.use(express.json({ limit: "10mb" }));
|
app.use(express.json({ limit: "10mb" }));
|
||||||
app.use(
|
app.use(
|
||||||
cors({
|
cors({
|
||||||
@@ -66,7 +71,7 @@ app.use(
|
|||||||
cookie: {
|
cookie: {
|
||||||
secure: isProduction, // true в production с HTTPS
|
secure: isProduction, // true в production с HTTPS
|
||||||
httpOnly: true,
|
httpOnly: true,
|
||||||
sameSite: isProduction ? "strict" : "lax",
|
sameSite: "lax", // "lax" needed for OAuth redirects from Discord
|
||||||
maxAge: 7 * 24 * 60 * 60 * 1000, // 7 дней
|
maxAge: 7 * 24 * 60 * 60 * 1000, // 7 дней
|
||||||
},
|
},
|
||||||
}),
|
}),
|
||||||
|
|||||||
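Review bot: Changing `sameSite` from `"strict"` to `"lax"` in the second hunk relaxes the production cookie for every route, not only the Discord callback, because the cookie is now sent on cross-site top-level GET navigations. That is safe only if no GET route changes state and the OAuth callback verifies the `state` parameter, and neither is visible in this hunk. I would record the constraint next to the setting, e.g. `sameSite: "lax", // sent on cross-site top-level GETs (OAuth redirect); GET routes must stay read-only and the callback must check state`. The enclosing `app.use(` call starts outside the hunk, so the remaining options of that middleware could not be checked.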
File diff suppressed because it is too large