Disable internal SSL

Users should use a TLS terminator if necessary.
antanst 2025-07-22 16:26:02 +03:00 committed by Antonis Anastasiadis
parent f3c34ba6a7
commit 8c2435c952
7 changed files with 205 additions and 234 deletions


@ -23,9 +23,9 @@ const sessionStore = new SequelizeStore({
// Middlewares
app.use(
helmet({
hsts: config.sslEnabled, // Only enable HSTS when SSL is enabled
forceHTTPS: config.sslEnabled, // Only force HTTPS when SSL is enabled
contentSecurityPolicy: false, // Disable CSP for now to avoid conflicts
hsts: false,
forceHTTPS: false,
contentSecurityPolicy: false,
})
);
app.use(compression());
@ -61,9 +61,9 @@ app.use(
saveUninitialized: false,
cookie: {
httpOnly: true,
secure: config.sslEnabled,
secure: false,
maxAge: 2592000000, // 30 days
sameSite: config.sslEnabled ? 'none' : 'lax',
sameSite: 'lax',
},
})
);
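Review bot: In the session cookie options, `secure: false` is now hard-coded, so even with the recommended TLS terminator in front of the app the 30-day session cookie is issued without the Secure attribute, and a browser will attach it to any plain-HTTP request to the same host. express-session accepts `secure: 'auto'`, which sets the attribute only when the request is seen as HTTPS; behind a terminator that also needs `app.set('trust proxy', 1)` so that X-Forwarded-Proto is honoured (not visible in these hunks, so confirm whether it is set elsewhere). With `hsts: false` in the helmet hunk above, the Strict-Transport-Security header has to come from the terminator, which is worth stating in the deployment docs. `forceHTTPS` does not appear to be a helmet option, so that line could probably be dropped rather than set to `false`.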