mirror/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2026-05-24 23:18:23 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1155 from TriliumNext/feat_custom-cookie-path

Browse Source 
feat: allow setting custom cookiePath
This commit is contained in:
Elian Doran
2025-02-10 23:42:08 +02:00
committed by GitHub
parent 5390b97730 62f8f8f1a7
commit 905983e794
4 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/csrf_protection.ts
+2 -1
View File
@@ -1,11 +1,12 @@
import { doubleCsrf } from "csrf-csrf";
import sessionSecret from "../services/session_secret.js";
import { isElectron } from "../services/utils.js";
import config from "../services/config.js";
const doubleCsrfUtilities = doubleCsrf({
getSecret: () => sessionSecret,
cookieOptions: {
path: "", // empty, so cookie is valid only for the current path
path: config.Session.cookiePath,
secure: false,
sameSite: "strict",
httpOnly: !isElectron // set to false for Electron, see https://github.com/TriliumNext/Notes/pull/966
src/routes/session_parser.ts
+2 -1
View File
@@ -2,6 +2,7 @@ import session from "express-session";
import sessionFileStore from "session-file-store";
import sessionSecret from "../services/session_secret.js";
import dataDir from "../services/data_dir.js";
import config from "../services/config.js";
const FileStore = sessionFileStore(session);
const sessionParser = session({
@@ -9,7 +10,7 @@ const sessionParser = session({
resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request.
saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified.
cookie: {
// path: "/",
path: config.Session.cookiePath,
httpOnly: true,
maxAge: 24 * 60 * 60 * 1000 // in milliseconds
},
src/services/config.ts
+8
View File
@@ -32,6 +32,9 @@ export interface TriliumConfig {
keyPath: string;
trustedReverseProxy: boolean | string;
};
Session: {
cookiePath: string;
}
Sync: {
syncServerHost: string;
syncServerTimeout: string;
@@ -76,6 +79,11 @@ const config: TriliumConfig = {
process.env.TRILIUM_NETWORK_TRUSTEDREVERSEPROXY || iniConfig.Network.trustedReverseProxy || false
},
Session: {
cookiePath:
process.env.TRILIUM_SESSION_COOKIEPATH || iniConfig?.Session?.cookiePath || "/"
},
Sync: {
syncServerHost:
process.env.TRILIUM_SYNC_SERVER_HOST || iniConfig?.Sync?.syncServerHost || "",