Secure cookie

Evert Prants 2024-06-06 20:27:38 +03:00
parent 17821bfda3
commit a365c96733
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
2 changed files with 8 additions and 2 deletions


@ -15,6 +15,9 @@ DATABASE_PASS=icyauth
SESSION_SECRET=32 char key SESSION_SECRET=32 char key
CHALLENGE_SECRET=64 char key CHALLENGE_SECRET=64 char key
# Set "Secure" flag on the cookie
SESSION_SECURE=true
# OpenID Connect JWT (ID token) settings # OpenID Connect JWT (ID token) settings
# Private keys for JWTs are stored as files in the private directory # Private keys for JWTs are stored as files in the private directory
JWT_ALGORITHM=RS256 JWT_ALGORITHM=RS256
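Review bot: The new comment above `SESSION_SECURE` does not say which values enable the flag or when it is acceptable to turn it off. Going by the comparison in the server hook changed in this same commit, only the exact string `true` enables it, so an operator who writes `1` or `True` gets a cookie without Secure and no warning. I would spell that out, e.g. `# Set "Secure" flag on the session cookie; only the exact value "true" enables it. Disable only when serving over plain HTTP (local development).`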


@ -1,4 +1,4 @@
import { AUTO_MIGRATE, SESSION_SECRET } from '$env/static/private'; import { AUTO_MIGRATE, SESSION_SECRET, SESSION_SECURE } from '$env/static/private';
import { csrf } from '$lib/server/csrf'; import { csrf } from '$lib/server/csrf';
import { DB } from '$lib/server/drizzle'; import { DB } from '$lib/server/drizzle';
import { runSeeds } from '$lib/server/drizzle/seeds'; import { runSeeds } from '$lib/server/drizzle/seeds';
@ -19,6 +19,9 @@ await runSeeds();
export const handle = sequence( export const handle = sequence(
csrf(['/oauth2/token', '/oauth2/introspect']), csrf(['/oauth2/token', '/oauth2/introspect']),
handleSession({ handleSession({
secret: SESSION_SECRET secret: SESSION_SECRET,
cookie: {
secure: SESSION_SECURE === 'true'
}
}) })
); );
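Review bot: The `secure` option added to `handleSession` fails open: `SESSION_SECURE === 'true'` is false for an empty value and for spellings such as `True` or `1`, so the session cookie is then issued without the Secure attribute and can be sent over plain HTTP. Defaulting to secure and requiring an explicit opt-out would be safer, for example `secure: SESSION_SECURE !== 'false'`. Because `$env/static/private` is resolved at build time, a deployment whose env file lacks `SESSION_SECURE` will probably fail to build on this import, so the upgrade notes should mention the new variable. The other cookie attributes (HttpOnly, SameSite) are not set in this hunk and are presumably left at the library defaults, which is worth confirming.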