github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-10-19 13:50:15 -04:00
Code Issues Projects Releases Packages Wiki Activity

Fix broken cookie handling due to missing proxy awareness

Browse source 
We enabled the `secure` flag for various cookies in previous commits.
This caused setups behind reverse proxies to drop cookies as the nodejs
instance wasn't aware of the fact that it was able to hand out secure
commits using an insecure connection (between the codimd instance and
the reverse proxy).

This patch makes express, the webserver framework we use, aware of
proxies and this way re-enabled the handing out of cookies. Not only the
cookie monster will enjoy, but also functionality like authentication
and real-time editing will return as intended.

References:
https://www.npmjs.com/package/express-session#cookiesecure
383d791a50

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
Sheogorath 2020-06-10 12:21:11 +02:00 committed by Dexter Chua
parent 8406f75bb7
commit 3ae999024f
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/lib/app.ts
View file

@ -63,6 +63,13 @@ if (config.useSSL) {
server = http.createServer(app)
}
// if we manage to provide HTTPS domains, but don't provide TLS ourselves
// obviously a proxy is involded. In order to make sure express is aware of
// this, we provide the option to trust proxies here.
if (!config.useSSL && config.protocolUseSSL) {
app.set('trust proxy', 1)
}
// socket io
const io = SocketIO(server, { cookie: false })
io.engine.ws = new WebSocket.Server({