ensure secure cookies are used in express-session

2025-11-14 00:32:35 +10:00 · 2025-01-13 16:04:27 +01:00
parent eb7813ac6f
commit 33cb3dbd6a
52 changed files with 255 additions and 50 deletions
--- a/apps/server/src/main.ts
+++ b/apps/server/src/main.ts
@ -28,6 +28,7 @@ async function bootstrap() {
      resave: false,
      saveUninitialized: false,
      secret: configService.getOrThrow("ACCESS_TOKEN_SECRET"),
+      cookie: { httpOnly: true, secure: process.env.NODE_ENV === "production" },
    }),
  );