Merge pull request #18283 from overleaf/bg-session-secret-use-session-secret-in-web

replace SECURITY_SESSION_SECRET with SESSION_SECRET in web

GitOrigin-RevId: f6ff5f13cf04e1b59fe44a394a0888af55ae140f
Brian Gough 2024-05-13 13:34:41 +01:00 committed by Copybot
parent c7f9a80622
commit 41cb0859db
2 changed files with 5 additions and 1 deletions


@ -154,6 +154,10 @@ if (Settings.useHttpPermissionsPolicy) {
RedirectManager.apply(webRouter) RedirectManager.apply(webRouter)
if (!Settings.security.sessionSecret) {
throw new Error('Session secret is not set - refusing to start server')
}
webRouter.use(cookieParser(Settings.security.sessionSecret)) webRouter.use(cookieParser(Settings.security.sessionSecret))
SessionAutostartMiddleware.applyInitialMiddleware(webRouter) SessionAutostartMiddleware.applyInitialMiddleware(webRouter)
Modules.registerMiddleware(webRouter, 'sessionMiddleware', { Modules.registerMiddleware(webRouter, 'sessionMiddleware', {
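Review bot: The new startup guard only rejects an unset or empty `Settings.security.sessionSecret`, so a deployment that explicitly sets the old placeholder still starts with a publicly known cookie-signing key. The settings change in this same commit removes `'secret-please-change'` as the fallback, but nothing stops it being supplied through the environment or an override file. Consider widening the condition to `if (!Settings.security.sessionSecret || Settings.security.sessionSecret === 'secret-please-change') {`. Naming the `SESSION_SECRET` variable in the error text would also help operators who, judging by the commit title, may still be setting only the old variable name. The surrounding middleware setup continues outside this hunk.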


@ -43,7 +43,7 @@ if (httpAuthUser && httpAuthPass) {
httpAuthUsers[httpAuthUser] = httpAuthPass httpAuthUsers[httpAuthUser] = httpAuthPass
} }
const sessionSecret = process.env.SESSION_SECRET || 'secret-please-change' const sessionSecret = process.env.SESSION_SECRET
const intFromEnv = function (name, defaultValue) { const intFromEnv = function (name, defaultValue) {
if ( if (