@yrpri/api 9.0.124 → 9.0.125
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/app.js +16 -2
- package/package.json +1 -1
package/app.js
CHANGED
|
@@ -502,7 +502,15 @@ export class YourPrioritiesApi {
|
|
|
502
502
|
this.app.use(requestIp.mw());
|
|
503
503
|
this.app.use(bodyParser.json({ limit: "100mb", strict: false }));
|
|
504
504
|
this.app.use(bodyParser.urlencoded({ limit: "100mb", extended: true }));
|
|
505
|
-
|
|
505
|
+
if (process.env.ALLOWED_ORIGINS) {
|
|
506
|
+
this.app.use(cors({
|
|
507
|
+
origin: process.env.ALLOWED_ORIGINS.split(","),
|
|
508
|
+
credentials: true,
|
|
509
|
+
}));
|
|
510
|
+
}
|
|
511
|
+
else {
|
|
512
|
+
this.app.use(cors());
|
|
513
|
+
}
|
|
506
514
|
this.app.use(compression());
|
|
507
515
|
this.app.set("views", __dirname + "/views");
|
|
508
516
|
this.app.set("view engine", "pug");
|
|
@@ -510,13 +518,19 @@ export class YourPrioritiesApi {
|
|
|
510
518
|
if (!process.env.SESSION_SECRET) {
|
|
511
519
|
throw new Error("SESSION_SECRET is not set");
|
|
512
520
|
}
|
|
521
|
+
let cookieValues = {
|
|
522
|
+
autoSubDomain: true,
|
|
523
|
+
};
|
|
524
|
+
if (process.env.ALLOWED_ORIGINS) {
|
|
525
|
+
cookieValues.sameSite = "none";
|
|
526
|
+
}
|
|
513
527
|
const sessionConfig = {
|
|
514
528
|
store: store,
|
|
515
529
|
name: "yrpri.sid",
|
|
516
530
|
secret: process.env.SESSION_SECRET,
|
|
517
531
|
resave: false,
|
|
518
532
|
proxy: process.env.USING_NGINX_PROXY ? true : undefined,
|
|
519
|
-
cookie:
|
|
533
|
+
cookie: cookieValues,
|
|
520
534
|
saveUninitialized: false,
|
|
521
535
|
};
|
|
522
536
|
if (this.app.get("env") === "production") {
|