From 5d083327a82506b65e2810c669f38c3da73c1e62 Mon Sep 17 00:00:00 2001
From: Sonny
Date: Sun, 7 Jul 2024 19:59:17 +0200
Subject: [PATCH] fix: (temp) disable xframe check and set same-site cookie to none

---
 .env.example | 4 ++--
 config/session.ts | 9 +++++----
 config/shield.ts | 4 +---
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/.env.example b/.env.example
index 39df674..ebbcf90 100644
--- a/.env.example
+++ b/.env.example
@@ -1,5 +1,5 @@
 # node ace generate:key
-APP_KEY=UfdS996001I_koCN1OiZiSh-DJZTyvGc
+APP_KEY=soY8ZAtItT_fCkNUADfgffZUUo675lOj
 TZ=UTC
 PORT=3333
 HOST=localhost
@@ -13,4 +13,4 @@ DB_PASSWORD=my-links-pwd
 DB_DATABASE=my-links
 GOOGLE_CLIENT_ID=
 GOOGLE_CLIENT_SECRET=
-GOOGLE_CLIENT_CALLBACK_URL=http://localhost:3333/auth/callback
+GOOGLE_CLIENT_CALLBACK_URL=http://localhost:3333/auth/callback
\ No newline at end of file
diff --git a/config/session.ts b/config/session.ts
index fe581a9..735bd41 100644
--- a/config/session.ts
+++ b/config/session.ts
@@ -1,5 +1,4 @@
 import env from '#start/env';
-import app from '@adonisjs/core/services/app';
 import { defineConfig, stores } from '@adonisjs/session';
 
 const sessionConfig = defineConfig({
@@ -16,7 +15,7 @@ const sessionConfig = defineConfig({
 * Define how long to keep the session data alive without
 * any activity.
 */
-age: '2h',
+age: '7d',
 
 /**
 * Configuration for session cookie and the
@@ -25,8 +24,10 @@ const sessionConfig = defineConfig({
 cookie: {
 path: '/',
 httpOnly: true,
-secure: app.inProduction,
-sameSite: 'lax',
+secure: true,
+
+// TODO: set this to lax and found a solution to keep auth when using extension
+sameSite: 'none',
 },
 
 /**
diff --git a/config/shield.ts b/config/shield.ts
index 6d3ccc1..2d836e7 100644
--- a/config/shield.ts
+++ b/config/shield.ts
@@ -27,9 +27,7 @@ const shieldConfig = defineConfig({
 * iFrames
 */
 xFrame: {
-enabled: true,
-action: 'ALLOW-FROM',
-domain: '*',
+enabled: false,
 },
 
 /**
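Review bot: The new `APP_KEY` in `.env.example` is a full-length key rather than a placeholder, so every clone of the repository starts with a signing key that is public in git history, and the `# node ace generate:key` comment directly above already tells the reader how to obtain a real one. Leave the value empty, `APP_KEY=`, so that a fresh checkout cannot run with a shared key and the env validation (if the project has one) points at the missing value. Note that rotating the value in the example file does nothing for any deployment that copied the previous key; that would need rotating separately.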
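Review bot: `age: '7d'` is the idle timeout of a cookie that the same commit also sends on cross-site requests (`sameSite: 'none'`), so a session that is never explicitly logged out now stays usable for a week of inactivity with nothing visible here bounding its absolute lifetime. If the longer window is what the extension needs, record the reason in the comment block above it, e.g. `* Raised from 2h for the browser extension; no absolute cap — revisit.`, so the next reader does not treat it as the intended steady state. `sessionConfig` starts and ends outside this hunk.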
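Review bot: `sameSite: 'none'` removes the browser-side CSRF protection that `'lax'` gave the session cookie, so every state-changing route now depends entirely on shield's CSRF token check being enabled and on `httpOnly` staying `true`; the TODO above it should say so, and it reads "found" where it means "find": `// TODO: restore 'lax' once the extension can keep auth; with 'none' the cookie is sent on cross-site requests, so CSRF protection relies on shield's csrf config`. Hardcoding `secure: true` is required by browsers for `SameSite=None`, but it also means the cookie is only stored over HTTPS, so the plain `http://localhost:3333` flow shown in `.env.example` now depends on the browser's localhost exception rather than on the removed `app.inProduction` switch — worth a one-line comment next to it. The `cookie` object is complete in this hunk, but `sessionConfig` continues outside it.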
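Review bot: `enabled: false` turns off X-Frame-Options for every response, so all pages, not only the ones the extension embeds, lose clickjacking protection. The removed `ALLOW-FROM` with `domain: '*'` was not honoured by current browsers anyway, so the narrower fix is a Content-Security-Policy `frame-ancestors` directive listing only the extension's origin (shield's CSP settings, if this file defines them, are the place for it) while `xFrame` stays enabled for everything else. Either way the "(temp)" from the commit title should be carried into the code so it is not forgotten: `// TEMP: disabled so the extension can frame the app; replace with a frame-ancestors allow-list`. `shieldConfig` starts and ends outside this hunk.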