From f7efa9f34fcfaa4d78223a32eb4a8915b4ae5c38 Mon Sep 17 00:00:00 2001
From: fatchan
Date: Wed, 6 Nov 2019 16:01:59 +1100
Subject: [PATCH] option for insecure cookies in production mode, and add missing stuff to example config
---
 configs/main.json.example | 3 +++
 models/pages/captcha.js | 3 ++-
 server.js | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/configs/main.json.example b/configs/main.json.example
index 6b111157..f0d2a199 100644
--- a/configs/main.json.example
+++ b/configs/main.json.example
@@ -10,6 +10,7 @@
 "tripcodeSecret": "long random string",
 "ipHashSecret": "long random string",
 "postPasswordSecret": "long random string",
+ "secureCookies": true,
 "cacheTemplates": true,
 "pruneModlogs": true,
 "enableUserBoards": true,
@@ -74,6 +75,8 @@
 },
 "boardDefaults": {
 "theme": "lain",
+ "codeTheme": "ir-black",
+ "sfw": false,
 "locked": false,
 "unlisted": false,
 "captchaMode": 0,
diff --git a/models/pages/captcha.js b/models/pages/captcha.js
index c3dd85b0..426e77cb 100644
--- a/models/pages/captcha.js
+++ b/models/pages/captcha.js
@@ -2,6 +2,7 @@
 const { Captchas, Ratelimits } = require(__dirname+'/../../db/')
 , generateCaptcha = require(__dirname+'/../../helpers/captcha/captchagenerate.js')
+ , { secureCookies } = require(__dirname+'/../../configs/main.json')
 , production = process.env.NODE_ENV === 'production';
 module.exports = async (req, res, next) => {
@@ -26,7 +27,7 @@ module.exports = async (req, res, next) => {
 return res
 .cookie('captchaid', captchaId.toString(), {
 'maxAge': 5*60*1000, //5 minute cookie
- 'secure': production,
+ 'secure': production && secureCookies,
 'sameSite': 'strict'
 })
 .redirect(`/captcha/${captchaId}.jpg`);
diff --git a/server.js b/server.js
index 06cf45c4..a0f9ab0a 100644
--- a/server.js
+++ b/server.js
@@ -55,7 +55,7 @@ const express = require('express')
 saveUninitialized: false,
 cookie: {
 httpOnly: true,
- secure: production,
+ secure: configs.secureCookies && production,
 sameSite: 'strict',
 }
 }));
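Review bot: In models/pages/captcha.js the new `'secure': production && secureCookies` fails open when an existing configs/main.json has no `secureCookies` key. The expression then evaluates to `undefined`, so the captcha cookie is issued without the Secure attribute in production. A deployment that upgrades without copying the new key from main.json.example would lose the flag silently. Treating only an explicit `false` as the opt-out keeps the old default: `'secure': production && secureCookies !== false,`. The same applies to `secure: configs.secureCookies && production` in the server.js hunk; the handler body continues outside this hunk.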
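Review bot: Nothing at `secure: configs.secureCookies && production` in server.js tells an operator what turning the option off costs. This appears to be the session cookie, so with the option off the session identifier can be sent over plain HTTP in production. A comment above the line would document the trade-off, for example `// secureCookies=false drops the Secure flag; intended only for deployments without TLS`. A startup warning would make it visible in logs: `if (production && !configs.secureCookies) console.warn('secureCookies is disabled: session cookie is not marked Secure');`. The operand order here also differs from `production && secureCookies` in captcha.js, and the session options object starts outside the hunk.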