authorJules Laplace <julescarbon@gmail.com>2017-12-14 19:53:31 +0100
committerJules Laplace <julescarbon@gmail.com>2017-12-14 19:53:31 +0100
commit3a42fe7ad797a6f9cf747d2d358015ac992765a7 (patch)
tree169c2123067abc677b9e3fa8d19142bd3af3338e /bucky/app/index.js
parentd776e6aa7d1e458ef050c016a4c285aa5887c5f0 (diff)
change password - profile stuff
Diffstat (limited to 'bucky/app/index.js')
-rw-r--r--bucky/app/index.js14
1 files changed, 11 insertions, 3 deletions
diff --git a/bucky/app/index.js b/bucky/app/index.js
index 248679a..b600935 100644
--- a/bucky/app/index.js
+++ b/bucky/app/index.js
@@ -25,12 +25,16 @@ site.init = function(){
app.set('port', process.env.PORT || 5000)
app.use(favicon(__dirname + '../../../public/favicon.ico'))
app.use(bodyParser.json())
- app.use(cookieParser());
+ app.use(cookieParser())
app.use(session({
secret: 'argonauts',
proxy: true,
key: 'bucky.sid',
- cookie: {secure: true, domain: '.' + process.env.HOST_NAME, maxAge: 43200000000 },
+ cookie: {
+ secure: process.env.NODE_ENV === 'production',
+ domain: '.' + process.env.HOST_NAME,
+ maxAge: 43200000000,
+ },
store: new MongoStore({
url: 'mongodb://localhost/buckySessionDb'
// type: 'mongodb',
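Review bot: The new `secure: process.env.NODE_ENV === 'production'` in the session `cookie` block fails open: any deployment where NODE_ENV is unset or spelled differently issues `bucky.sid` without the Secure attribute, so the session id can travel over plain HTTP. Inverting the test keeps local development working while defaulting to the safe value, e.g. `secure: process.env.NODE_ENV !== 'development',`. The same gap applies to the `csurf({ cookie: true, ... })` call in the second hunk, where `cookie: true` leaves the `_csrf` secret cookie on csurf's defaults (to my knowledge neither Secure nor HttpOnly); an options object such as `cookie: { httpOnly: true, secure: process.env.NODE_ENV !== 'development' }` would bring it in line with the session cookie. The unchanged `secret: 'argonauts'` line is still a literal in source, so anyone with read access to the repository can forge signed session ids; it would be better read from the environment. `site.init` begins and ends outside both hunks, so this is based only on the visible lines.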
@@ -43,7 +47,11 @@ site.init = function(){
resave: true,
saveUninitialized: false,
}))
- app.use(csurf({ cookie: true }))
+
+ app.use(csurf({
+ cookie: true,
+ value: (req) => req.headers['csrf-token'],
+ }))
app.disable('x-powered-by')
app.use(express.query())