Skip to content

Commit

Permalink
secure cookie inp rod
Browse files Browse the repository at this point in the history
  • Loading branch information
@goto-bus-stop
goto-bus-stop committed Nov 26, 2024
1 parent bd35d4b commit 3adb558
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions src/HttpApi.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,9 @@ async function httpApi(uw, options) {
authRegistry: new AuthRegistry(uw.redis),
});

uw.express = express();
uw.express.set('query parser', /** @param {string} str */ (str) => qs.parse(str, { depth: 1 }));

uw.httpApi
.use(pinoHttp({
genReqId: () => randomUUID(),
Expand All @@ -114,6 +117,10 @@ async function httpApi(uw, options) {
secret: options.secret,
resave: false,
saveUninitialized: false,
cookie: {
secure: uw.express.get('env') === 'production',
httpOnly: true,
},
}))
.use(uw.passport.initialize())
.use(addFullUrl())
Expand All @@ -136,9 +143,6 @@ async function httpApi(uw, options) {
.use('/server', server())
.use('/users', users());

uw.express = express();
uw.express.set('query parser', /** @param {string} str */ (str) => qs.parse(str, { depth: 1 }));

uw.server = http.createServer(uw.express);
if (options.helmet !== false) {
uw.express.use(helmet({
Expand Down

0 comments on commit 3adb558

Please sign in to comment.