mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-07 20:31:06 -05:00
Merge pull request #18283 from overleaf/bg-session-secret-use-session-secret-in-web
replace SECURITY_SESSION_SECRET with SESSION_SECRET in web GitOrigin-RevId: f6ff5f13cf04e1b59fe44a394a0888af55ae140f
This commit is contained in:
parent
c7f9a80622
commit
41cb0859db
2 changed files with 5 additions and 1 deletions
|
@ -154,6 +154,10 @@ if (Settings.useHttpPermissionsPolicy) {
|
|||
|
||||
RedirectManager.apply(webRouter)
|
||||
|
||||
if (!Settings.security.sessionSecret) {
|
||||
throw new Error('Session secret is not set - refusing to start server')
|
||||
}
|
||||
|
||||
webRouter.use(cookieParser(Settings.security.sessionSecret))
|
||||
SessionAutostartMiddleware.applyInitialMiddleware(webRouter)
|
||||
Modules.registerMiddleware(webRouter, 'sessionMiddleware', {
|
||||
|
|
|
@ -43,7 +43,7 @@ if (httpAuthUser && httpAuthPass) {
|
|||
httpAuthUsers[httpAuthUser] = httpAuthPass
|
||||
}
|
||||
|
||||
const sessionSecret = process.env.SESSION_SECRET || 'secret-please-change'
|
||||
const sessionSecret = process.env.SESSION_SECRET
|
||||
|
||||
const intFromEnv = function (name, defaultValue) {
|
||||
if (
|
||||
|
|
Loading…
Reference in a new issue