Merge pull request #4027 from Budibase/fix/samesite

sameSite and secure cookie settings
Martin McKeaveney 2022-01-14 10:34:15 +01:00 committed by GitHub
commit 86d95a1bd9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 0 deletions


@ -6,6 +6,13 @@ function isTest() {
) )
} }
function isDev() {
return (
process.env.NODE_ENV !== "production" &&
process.env.BUDIBASE_ENVIRONMENT !== "production"
)
}
module.exports = { module.exports = {
JWT_SECRET: process.env.JWT_SECRET, JWT_SECRET: process.env.JWT_SECRET,
COUCH_DB_URL: process.env.COUCH_DB_URL, COUCH_DB_URL: process.env.COUCH_DB_URL,
@ -27,6 +34,7 @@ module.exports = {
COOKIE_DOMAIN: process.env.COOKIE_DOMAIN, COOKIE_DOMAIN: process.env.COOKIE_DOMAIN,
PLATFORM_URL: process.env.PLATFORM_URL, PLATFORM_URL: process.env.PLATFORM_URL,
isTest, isTest,
isDev,
_set(key, value) { _set(key, value) {
process.env[key] = value process.env[key] = value
module.exports[key] = value module.exports[key] = value
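Review bot: The new `isDev()` returns true whenever neither `NODE_ENV` nor `BUDIBASE_ENVIRONMENT` equals "production", including when both are unset, so any hardening gated on `!isDev()` is off by default. The other file in this commit uses it to decide whether the cookie gets `secure`, so a deployment that sets neither variable issues cookies without the Secure attribute. I would add a comment above the function along the lines of `// true unless NODE_ENV or BUDIBASE_ENVIRONMENT is "production"; unset counts as dev, so security settings gated on !isDev() are opt-in`. Logging a startup warning when both variables are unset would make the fail-open case visible to operators.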


@ -23,6 +23,7 @@ const { getUserSessions, invalidateSessions } = require("./security/sessions")
const { migrateIfRequired } = require("./migrations") const { migrateIfRequired } = require("./migrations")
const { USER_EMAIL_VIEW_CASING } = require("./migrations").MIGRATIONS const { USER_EMAIL_VIEW_CASING } = require("./migrations").MIGRATIONS
const { GLOBAL_DB } = require("./migrations").MIGRATION_DBS const { GLOBAL_DB } = require("./migrations").MIGRATION_DBS
const { isDev, isTest } = require("./environment")
const APP_PREFIX = DocumentTypes.APP + SEPARATOR const APP_PREFIX = DocumentTypes.APP + SEPARATOR
@ -108,6 +109,11 @@ exports.setCookie = (ctx, value, name = "builder", opts = { sign: true }) => {
overwrite: true, overwrite: true,
} }
if (!isDev() && !isTest()) {
config.sameSite = "none"
config.secure = true
}
if (environment.COOKIE_DOMAIN) { if (environment.COOKIE_DOMAIN) {
config.domain = environment.COOKIE_DOMAIN config.domain = environment.COOKIE_DOMAIN
} }
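Review bot: Setting `config.sameSite = "none"` in the new `if (!isDev() && !isTest())` branch removes the browser's same-site restriction from this cookie, so it accompanies cross-site requests and CSRF protection has to come from a separate control that this hunk does not show. If cross-site use is the reason for the change, a comment such as `// SameSite=None is needed for <reason>; CSRF is covered by <control>` would record it, and `"lax"` would be the safer value where cross-site delivery is not required. With `config.secure = true`, a production instance reached over plain HTTP will not have the cookie retained by browsers, which is worth stating in the deployment documentation. The body of `setCookie` starts before this hunk and continues after it.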