free-be-account 0.0.32 → 0.0.34
- package/index.js +2 -2
- package/package.json +1 -1
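--- a/package/index.js
+++ b/package/index.js
@@ -1141,7 +1141,7 @@ module.exports = (app) => ({
 if (token) {
 res.cookie('token', token, {
 httpOnly: true, // 防止 XSS 读取
-secure: true, // 仅 HTTPS 传输
+secure: (m.config['secureCookie'] === false) ? false : true, // 仅 HTTPS 传输
 sameSite: 'strict', // CSRF 防护
 maxAge: app.config['cookieTimeout'],
 });
@@ -1199,7 +1199,7 @@ module.exports = (app) => ({
 
 res.cookie('token', token, {
 httpOnly: true, // 防止 XSS 读取
-secure: true, // 仅 HTTPS 传输
+secure: (m.config['secureCookie'] === false) ? false : true, // 仅 HTTPS 传输
 sameSite: 'strict', // CSRF 防护
 maxAge: app.config['cookieTimeout'],
 });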
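Review bot: With `secureCookie` set to false, the `token` session cookie at new lines 1144 and 1202 is sent over plain HTTP, yet the trailing comment still says HTTPS-only and nothing visible limits the opt-out to non-production deployments. The default stays secure because only a strict `false` disables the flag, which is the right failure mode; I would write it as `secure: m.config['secureCookie'] !== false, // HTTPS only unless secureCookie is explicitly false (local development)` and log a warning at startup when it is off. The new line reads `m.config` while `maxAge` two lines below reads `app.config`; `m` is not defined in the visible lines, so confirm both resolve to the same configuration. Both `res.cookie` calls sit inside functions that start and end outside the hunks, and since they now duplicate the same option set, a shared helper would keep them from drifting.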