diff --git a/server.js b/server.js
index 1f539c8..a261aae 100644
--- a/server.js
+++ b/server.js
@@ -21,7 +21,6 @@ const {
 const SESSION_SECRET_VALUE = SESSION_SECRET || 'itam-headless-session-secret';
 const DEFAULT_SCOPES = ['openid', 'profile', 'email'];
 const DEFAULT_ERROR_PATH = ERROR_LOCALE_PATH || '/ko/error';
-const USE_SECURE_COOKIES = Boolean(REDIRECT_URI && REDIRECT_URI.startsWith('https://'));
 const dbConfig = {
 host: process.env.DB_HOST,
@@ -39,19 +38,18 @@ const getDbConnectionSummary = () => ({
 });
 const app = express();
-if (USE_SECURE_COOKIES) {
- app.set('trust proxy', 1);
-}
+app.set('trust proxy', 1);
 app.use(cors());
 app.use(express.json({ limit: '50mb' }));
 app.use(session({
 secret: SESSION_SECRET_VALUE,
+ proxy: true,
 resave: false,
 saveUninitialized: false,
 cookie: {
 httpOnly: true,
 sameSite: 'lax',
- secure: USE_SECURE_COOKIES,
+ secure: 'auto',
 maxAge: 1000 * 60 * 60 * 8
 }
 }));
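Review bot: With `secure: 'auto'`, `proxy: true` and the now-unconditional `app.set('trust proxy', 1)` in the second hunk, the Secure flag on the session cookie is decided per request from the forwarded protocol header, so a request that reaches the app as plain HTTP is issued a session cookie without Secure. If the process is ever reachable without a reverse proxy in front of it, those forwarded headers (and so `req.ip` and `req.protocol`) are supplied by the client. The removed code forced Secure whenever `REDIRECT_URI` was https; to keep that guarantee, retain the constant and write `secure: USE_SECURE_COOKIES || 'auto',`. A comment above the trust-proxy line, for example `// Assumes exactly one trusted reverse proxy that overwrites X-Forwarded-* headers`, would record the deployment assumption. Separately, the first hunk's context shows `SESSION_SECRET_VALUE` falling back to a hard-coded string when `SESSION_SECRET` is unset, which leaves the signing key public in the source; refusing to start without the variable would be safer, though that is outside this change.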