From 1f849cd1c565df6e139431cd6d7c9f6a7e5f659e Mon Sep 17 00:00:00 2001
From: SDI
Date: Wed, 1 Jul 2026 14:23:45 +0900
Subject: [PATCH] =?UTF-8?q?BARON-SSO=20=EB=A1=9C=EA=B7=B8=EC=9D=B8=20?= =?UTF-8?q?=EC=84=B8=EC=85=98=20=EB=AC=B8=EC=A0=9C=20=EC=88=98=EC=A0=95=20?= =?UTF-8?q?sever.js?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server.js | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/server.js b/server.js
index 1f539c8..a261aae 100644
--- a/server.js
+++ b/server.js
@@ -21,7 +21,6 @@ const {
 const SESSION_SECRET_VALUE = SESSION_SECRET || 'itam-headless-session-secret';
 const DEFAULT_SCOPES = ['openid', 'profile', 'email'];
 const DEFAULT_ERROR_PATH = ERROR_LOCALE_PATH || '/ko/error';
-const USE_SECURE_COOKIES = Boolean(REDIRECT_URI && REDIRECT_URI.startsWith('https://'));
 
 const dbConfig = {
 host: process.env.DB_HOST,
@@ -39,19 +38,18 @@ const getDbConnectionSummary = () => ({
 });
 
 const app = express();
-if (USE_SECURE_COOKIES) {
- app.set('trust proxy', 1);
-}
+app.set('trust proxy', 1);
 app.use(cors());
 app.use(express.json({ limit: '50mb' }));
 app.use(session({
 secret: SESSION_SECRET_VALUE,
+ proxy: true,
 resave: false,
 saveUninitialized: false,
 cookie: {
 httpOnly: true,
 sameSite: 'lax',
- secure: USE_SECURE_COOKIES,
+ secure: 'auto',
 maxAge: 1000 * 60 * 60 * 8
 }
 }));
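Review bot: `secure: 'auto'` in the second hunk lets express-session issue the session cookie without the Secure attribute whenever a request is judged non-HTTPS, whereas the removed `USE_SECURE_COOKIES` forced it on for an https `REDIRECT_URI`; if the service is reachable over plain HTTP, the SSO session id can then travel in cleartext. The new `proxy: true`, together with the now unconditional `app.set('trust proxy', 1);`, also makes the app believe `X-Forwarded-Proto` and `X-Forwarded-For` on every deployment, which is only safe when a reverse proxy that overwrites those headers is always in front. I would drop `proxy: true` (express-session then follows the app's `trust proxy` setting), pin the flag in production with something like `secure: process.env.NODE_ENV === 'production' ? true : 'auto',`, and add a comment above `app.set` naming the proxy hop being trusted. Separately, the first hunk's context shows `SESSION_SECRET_VALUE` falling back to a literal string, so a deployment without `SESSION_SECRET` signs cookies with a key that is readable in the repository; failing startup when it is unset would be safer.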