mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-06 22:40:14 -05:00

🐛 Fixed cookies when running Ghost without SSL (#15022)

As part of the updates to auth cookies we switched to SameSite=None
which requires an SSL connection. Local development, and some
production sites do not use SSL and so the cookie is invalid and a
session is unable to be created with the browser.
Fabien 'egg' O'Carroll 2022-07-13 10:49:06 +01:00 committed by Daniel Lockyer
parent 815fdc9235
commit 86905aaad8
No known key found for this signature in database
GPG key ID: D21186F0B47295AD

@ -23,7 +23,7 @@ function getExpressSessionMiddleware() {
maxAge: constants.SIX_MONTH_MS,
httpOnly: true,
path: urlUtils.getSubdir() + '/ghost',
sameSite: 'none',
sameSite: urlUtils.isSSL(config.get('url')) ? 'none' : 'lax',
secure: urlUtils.isSSL(config.get('url'))
}
});
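Review bot: on the changed `sameSite` line, `urlUtils.isSSL(config.get('url'))` is now evaluated twice, once for `sameSite` and again for `secure` on the following line, although the two values only make sense together (`sameSite: 'none'` is accepted by browsers only with `secure: true`). Compute it once into a local above the cookie options, for example `const isSSL = urlUtils.isSSL(config.get('url'));`, and use that for both fields so a later edit cannot change one without the other. A one-line comment next to the ternary explaining that `'lax'` is the fallback for sites whose configured `url` is not SSL would also help, because the choice is driven by configuration rather than by the request and the reason for it is otherwise only in the commit message.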