option for insecure cookies in production mode, and add missing stuff to example config

5 years ago · f7efa9f34f
parent f31d4123f3
commit f7efa9f34f
3 changed files with 6 additions and 2 deletions
--- a/configs/main.json.example
+++ b/configs/main.json.example
@ -10,6 +10,7 @@
 	"tripcodeSecret": "long random string",
 	"ipHashSecret": "long random string",
 	"postPasswordSecret": "long random string",
+	"secureCookies": true,
 	"cacheTemplates": true,
 	"pruneModlogs": true,
 	"enableUserBoards": true,
@ -74,6 +75,8 @@
 	},
 	"boardDefaults": {
 		"theme": "lain",
+		"codeTheme": "ir-black",
+		"sfw": false,
 		"locked": false,
 		"unlisted": false,
 		"captchaMode": 0,
--- a/models/pages/captcha.js
+++ b/models/pages/captcha.js
@ -2,6 +2,7 @@

 const { Captchas, Ratelimits } = require(__dirname+'/../../db/')
 	, generateCaptcha = require(__dirname+'/../../helpers/captcha/captchagenerate.js')
+	, { secureCookies } = require(__dirname+'/../../configs/main.json')
 	, production = process.env.NODE_ENV === 'production';

 module.exports = async (req, res, next) => {
@ -26,7 +27,7 @@ module.exports = async (req, res, next) => {
 	return res
 		.cookie('captchaid', captchaId.toString(), {
 			'maxAge': 5*60*1000, //5 minute cookie
-			'secure': production,
+			'secure': production && secureCookies,
 			'sameSite': 'strict'
 		})
 		.redirect(`/captcha/${captchaId}.jpg`);
--- a/server.js
+++ b/server.js
@ -55,7 +55,7 @@ const express = require('express')
 		saveUninitialized: false,
 		cookie: {
 			httpOnly: true,
-			secure: production,
+			secure: configs.secureCookies && production,
 			sameSite: 'strict',
 		}
 	}));