From 6a3882cb1f5c6ac3dda08da62e4fff261096fa60 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Thu, 13 Jan 2022 20:47:16 +0100
Subject: [PATCH] sameSite and secure cookie settings

---
 packages/backend-core/src/environment.js | 8 ++++++++
 packages/backend-core/src/utils.js | 6 ++++++
 2 files changed, 14 insertions(+)

diff --git a/packages/backend-core/src/environment.js b/packages/backend-core/src/environment.js
index c26ad1c199..3db59ab321 100644
--- a/packages/backend-core/src/environment.js
+++ b/packages/backend-core/src/environment.js
@@ -6,6 +6,13 @@ function isTest() {
 )
 }
 
+function isDev() {
+ return (
+ process.env.NODE_ENV !== "production" &&
+ process.env.BUDIBASE_ENVIRONMENT !== "production"
+ )
+}
+
 module.exports = {
 JWT_SECRET: process.env.JWT_SECRET,
 COUCH_DB_URL: process.env.COUCH_DB_URL,
@@ -27,6 +34,7 @@ module.exports = {
 COOKIE_DOMAIN: process.env.COOKIE_DOMAIN,
 PLATFORM_URL: process.env.PLATFORM_URL,
 isTest,
+ isDev,
 _set(key, value) {
 process.env[key] = value
 module.exports[key] = value
diff --git a/packages/backend-core/src/utils.js b/packages/backend-core/src/utils.js
index 8c00f2a8b8..37193885f1 100644
--- a/packages/backend-core/src/utils.js
+++ b/packages/backend-core/src/utils.js
@@ -23,6 +23,7 @@ const { getUserSessions, invalidateSessions } = require("./security/sessions")
 const { migrateIfRequired } = require("./migrations")
 const { USER_EMAIL_VIEW_CASING } = require("./migrations").MIGRATIONS
 const { GLOBAL_DB } = require("./migrations").MIGRATION_DBS
+const { isDev, isTest } = require("./environment")
 
 const APP_PREFIX = DocumentTypes.APP + SEPARATOR
 
@@ -108,6 +109,11 @@ exports.setCookie = (ctx, value, name = "builder", opts = { sign: true }) => {
 overwrite: true,
 }
 
+ if (!isDev() && !isTest()) {
+ config.sameSite = "none"
+ config.secure = true
+ }
+
 if (environment.COOKIE_DOMAIN) {
 config.domain = environment.COOKIE_DOMAIN
 }
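Review bot: `isDev()` in environment.js treats every deployment as development unless `NODE_ENV` or `BUDIBASE_ENVIRONMENT` is exactly the lowercase string "production", so an unset, misspelled or differently-cased value fails open. Because utils.js in this same commit only sets `secure` and `sameSite` when `!isDev() && !isTest()`, such a deployment would silently issue its cookies without the `Secure` attribute. The function should say so in a comment, for example `// True unless NODE_ENV or BUDIBASE_ENVIRONMENT is exactly "production"; cookie hardening in utils.js keys off this, so unset values get dev behaviour`. Normalising the values before comparing (`String(process.env.NODE_ENV).toLowerCase() !== "production"`) would make the check less brittle.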
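Review bot: `config.sameSite = "none"` in `setCookie` makes the browser attach this cookie to every cross-site request, which gives up SameSite as a CSRF barrier for what appears to be the signed session cookie (default name `"builder"`, `opts = { sign: true }`). If cross-site delivery is genuinely required (presumably for embedding), the reason belongs in a comment above the block, e.g. `// SameSite=None needed for <reason>; CSRF protection must come from <mechanism>, not the cookie policy`, and state-changing routes then need their own CSRF check, which is not visible in this hunk. Where cross-site use is not needed, `config.sameSite = "lax"` keeps `secure = true` while retaining the protection. The body of `setCookie` starts and ends outside the hunk.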