Secure cookie
parent
17821bfda3
commit
a365c96733
@ -15,6 +15,9 @@ DATABASE_PASS=icyauth
|
|||||||
SESSION_SECRET=32 char key
|
SESSION_SECRET=32 char key
|
||||||
CHALLENGE_SECRET=64 char key
|
CHALLENGE_SECRET=64 char key
|
||||||
|
|
||||||
|
# Set "Secure" flag on the cookie
|
||||||
|
SESSION_SECURE=true
|
||||||
|
|
||||||
# OpenID Connect JWT (ID token) settings
|
# OpenID Connect JWT (ID token) settings
|
||||||
# Private keys for JWTs are stored as files in the private directory
|
# Private keys for JWTs are stored as files in the private directory
|
||||||
JWT_ALGORITHM=RS256
|
JWT_ALGORITHM=RS256
|
||||||
|
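Review bot: The comment above `SESSION_SECURE=true` does not say which values are accepted or what the setting means for a deployment served over plain HTTP. The consuming code in this commit compares against the exact string `true`, and browsers generally refuse to store or return a Secure cookie over http://, so a local setup copied from this example may lose its session. Suggested comment: `# Set the "Secure" flag on the session cookie (only the exact value "true" enables it); use false only for plain-HTTP local development`.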
@ -1,4 +1,4 @@
|
|||||||
import { AUTO_MIGRATE, SESSION_SECRET } from '$env/static/private';
|
import { AUTO_MIGRATE, SESSION_SECRET, SESSION_SECURE } from '$env/static/private';
|
||||||
import { csrf } from '$lib/server/csrf';
|
import { csrf } from '$lib/server/csrf';
|
||||||
import { DB } from '$lib/server/drizzle';
|
import { DB } from '$lib/server/drizzle';
|
||||||
import { runSeeds } from '$lib/server/drizzle/seeds';
|
import { runSeeds } from '$lib/server/drizzle/seeds';
|
||||||
@ -19,6 +19,9 @@ await runSeeds();
|
|||||||
export const handle = sequence(
|
export const handle = sequence(
|
||||||
csrf(['/oauth2/token', '/oauth2/introspect']),
|
csrf(['/oauth2/token', '/oauth2/introspect']),
|
||||||
handleSession({
|
handleSession({
|
||||||
secret: SESSION_SECRET
|
secret: SESSION_SECRET,
|
||||||
|
cookie: {
|
||||||
|
secure: SESSION_SECURE === 'true'
|
||||||
|
}
|
||||||
})
|
})
|
||||||
);
|
);
|
||||||
|
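Review bot: The new `secure: SESSION_SECURE === 'true'` fails open: any value other than the exact lowercase string `true` (for example `True`, `1`, or a value with a trailing space) silently drops the Secure attribute from the session cookie. Defaulting to secure and requiring an explicit opt-out is safer, e.g. `secure: SESSION_SECURE !== 'false'`. Because the variable is imported from `$env/static/private`, an existing deployment whose env file lacks `SESSION_SECURE` will probably fail at build time, so the upgrade notes should mention the new variable. It is also worth confirming that passing a partial `cookie` object keeps handleSession's defaults for the other attributes (httpOnly, sameSite), since that merge is not visible in this diff.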