Merge pull request #18283 from overleaf/bg-session-secret-use-session-secret-in-web

replace SECURITY_SESSION_SECRET with SESSION_SECRET in web

GitOrigin-RevId: f6ff5f13cf04e1b59fe44a394a0888af55ae140f
This commit is contained in:
Brian Gough 2024-05-13 13:34:41 +01:00 committed by Copybot
parent c7f9a80622
commit 41cb0859db
2 changed files with 5 additions and 1 deletions

View file

@ -154,6 +154,10 @@ if (Settings.useHttpPermissionsPolicy) {
RedirectManager.apply(webRouter)
if (!Settings.security.sessionSecret) {
throw new Error('Session secret is not set - refusing to start server')
}
webRouter.use(cookieParser(Settings.security.sessionSecret))
SessionAutostartMiddleware.applyInitialMiddleware(webRouter)
Modules.registerMiddleware(webRouter, 'sessionMiddleware', {

View file

@ -43,7 +43,7 @@ if (httpAuthUser && httpAuthPass) {
httpAuthUsers[httpAuthUser] = httpAuthPass
}
const sessionSecret = process.env.SESSION_SECRET || 'secret-please-change'
const sessionSecret = process.env.SESSION_SECRET
const intFromEnv = function (name, defaultValue) {
if (