From 733743a958c97ca2342f9cb59fc3c0ca5010d09e Mon Sep 17 00:00:00 2001
From: Lior Zamir
Date: Fri, 13 Dec 2024 11:08:41 +0200
Subject: [PATCH 1/4] fix: pt issue regarrding cookies to be secured

---
 services/workflows-service/src/main.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/services/workflows-service/src/main.ts b/services/workflows-service/src/main.ts
index d7f08499f1..84c1bb99fd 100644
--- a/services/workflows-service/src/main.ts
+++ b/services/workflows-service/src/main.ts
@@ -99,8 +99,9 @@ const main = async () => {
       name: 'session',
       keys: [env.SESSION_SECRET],
       httpOnly: env.ENVIRONMENT_NAME === 'production',
-      secure: false,
-      sameSite: env.ENVIRONMENT_NAME === 'production' ? 'strict' : false,
+      secure: true,
+      // lax - Cookies are sent with same-site requests and some cross-site GET requests.
+      sameSite: env.ENVIRONMENT_NAME === 'production' ? 'strict' : 'lax',
       maxAge: 1000 * 60 * env.SESSION_EXPIRATION_IN_MINUTES,
     }),
   );

From ceebfc1bf2c83085842e710853cd454f2a0cebff Mon Sep 17 00:00:00 2001
From: Lior Zamir
Date: Fri, 13 Dec 2024 11:10:49 +0200
Subject: [PATCH 2/4] fix: pt issue regarrding cookies to be secured

---
 services/workflows-service/src/main.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/services/workflows-service/src/main.ts b/services/workflows-service/src/main.ts
index 84c1bb99fd..10778a9b7e 100644
--- a/services/workflows-service/src/main.ts
+++ b/services/workflows-service/src/main.ts
@@ -98,10 +98,10 @@ const main = async () => {
     cookieSession({
       name: 'session',
       keys: [env.SESSION_SECRET],
-      httpOnly: env.ENVIRONMENT_NAME === 'production',
+      httpOnly: env.ENVIRONMENT_NAME !== 'local',
       secure: true,
       // lax - Cookies are sent with same-site requests and some cross-site GET requests.
-      sameSite: env.ENVIRONMENT_NAME === 'production' ? 'strict' : 'lax',
+      sameSite: env.ENVIRONMENT_NAME !== 'local' ? 'strict' : 'lax',
       maxAge: 1000 * 60 * env.SESSION_EXPIRATION_IN_MINUTES,
     }),
   );
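Review bot: `secure: true` is now unconditional while `httpOnly` and `sameSite` remain gated on `env.ENVIRONMENT_NAME`, and that hard-coded flag has a deployment consequence the hunk does not handle: cookie-session documents that when Node is not itself terminating TLS (a load balancer or ingress in front of it), a `secure` cookie is never set unless Express is told to trust the proxy. If the production service sits behind such a proxy, add `app.set('trust proxy', 1);` (or the equivalent on the Express instance underneath the Nest app) before this `app.use(...)`, and gate `secure` on the same predicate as the other two attributes rather than a literal `true`. The new `// lax - ...` comment says what `lax` does but not why non-production environments need it; a line such as `// non-production frontends are served from a different origin — TODO confirm` would capture the actual reason. The enclosing `cookieSession(...)` call and `main` start outside the hunk.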
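Review bot: `httpOnly` should not depend on the environment at all: no browser-side dev flow needs to read a signed session cookie from JavaScript, and a script-readable session cookie in any non-local environment is exactly the class of finding this series is meant to close, so the new line should simply be `httpOnly: true,`. The test `env.ENVIRONMENT_NAME !== 'local'` now appears twice in this options literal while `secure` is still gated differently, which is how the three flags drift apart; hoist it once as `const isLocalEnv = env.ENVIRONMENT_NAME === 'local';` above the `app.use(...)` and add a comment stating that `'local'` is the only environment served over plain HTTP — presumably the reason for the exemption, to be confirmed. The `cookieSession(...)` call and enclosing `main` continue outside the hunk.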
From 8eeff2203cce5afe6d41eb61f5a4db3cf8c09d71 Mon Sep 17 00:00:00 2001
From: Lior Zamir
Date: Fri, 13 Dec 2024 12:06:46 +0200
Subject: [PATCH 3/4] fix: securty http only

---
 services/workflows-service/src/main.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/workflows-service/src/main.ts b/services/workflows-service/src/main.ts
index 10778a9b7e..ca9b2be11a 100644
--- a/services/workflows-service/src/main.ts
+++ b/services/workflows-service/src/main.ts
@@ -99,7 +99,7 @@ const main = async () => {
       name: 'session',
       keys: [env.SESSION_SECRET],
       httpOnly: env.ENVIRONMENT_NAME !== 'local',
-      secure: true,
+      secure: env.ENVIRONMENT_NAME !== 'local',
       // lax - Cookies are sent with same-site requests and some cross-site GET requests.
       sameSite: env.ENVIRONMENT_NAME !== 'local' ? 'strict' : 'lax',
       maxAge: 1000 * 60 * env.SESSION_EXPIRATION_IN_MINUTES,

From 87a8f0d459072785aec440deceed1436a7f0bc24 Mon Sep 17 00:00:00 2001
From: Lior Zamir
Date: Sat, 21 Dec 2024 19:01:02 +0200
Subject: [PATCH 4/4] fix: non secure

---
 services/workflows-service/src/auth/session-serializer.ts | 2 +-
 services/workflows-service/src/main.ts | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/services/workflows-service/src/auth/session-serializer.ts b/services/workflows-service/src/auth/session-serializer.ts
index 5f391d3613..acde139df2 100644
--- a/services/workflows-service/src/auth/session-serializer.ts
+++ b/services/workflows-service/src/auth/session-serializer.ts
@@ -47,8 +47,8 @@ export class SessionSerializer extends PassportSerializer {
         lastName: true,
         avatarUrl: true,
         lastActiveAt: true,
-        userToProjects: { select: { projectId: true } },
       },
+      include: { userToProjects: { select: { projectId: true } } },
     });
 
     const { userToProjects, ...userData } = userResult;
diff --git a/services/workflows-service/src/main.ts b/services/workflows-service/src/main.ts
index ca9b2be11a..d2356dee69 100644
--- a/services/workflows-service/src/main.ts
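Review bot: With this change the same `env.ENVIRONMENT_NAME !== 'local'` expression is evaluated three times in one options literal, once each for `httpOnly`, `secure` and `sameSite`, which is exactly the shape that lets the flags be edited independently and drift apart again; hoist it once, e.g. `const hardenSessionCookie = env.ENVIRONMENT_NAME !== 'local';`, and use that constant for all three. The predicate also means an unset or misspelled `ENVIRONMENT_NAME` lands on the hardened branch, which is the right fail-safe default but deserves a comment so nobody "fixes" it: `// everything except the plain-HTTP 'local' dev server gets Secure/HttpOnly/SameSite=Strict`. The `cookieSession(...)` call and the enclosing `main` extend outside the hunk.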
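Review bot: The new `include: { userToProjects: ... }` line sits at the same level as the `select: { ... }` block whose `},` closes on the context line above it, and if this is a Prisma query (it reads like one, though the `select: {` opener is above the hunk) the client refuses `select` and `include` at the same level with a validation error, so every session deserialization would throw instead of returning a narrower `userResult`. The accepted form is the removed one — keep `userToProjects: { select: { projectId: true } },` inside `select` and drop the `include` line — or, if the full relation rows are wanted, move the scalar fields into `include`'s sibling position by using only `include`. The destructuring `const { userToProjects, ...userData } = userResult;` below depends on that field being present, so this deserves a deserialization test, and the commit message ("fix: non secure") should say why the serializer query changed at all. The enclosing method starts outside the hunk.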
+++ b/services/workflows-service/src/main.ts
@@ -99,9 +99,8 @@ const main = async () => {
       name: 'session',
       keys: [env.SESSION_SECRET],
       httpOnly: env.ENVIRONMENT_NAME !== 'local',
-      secure: env.ENVIRONMENT_NAME !== 'local',
-      // lax - Cookies are sent with same-site requests and some cross-site GET requests.
-      sameSite: env.ENVIRONMENT_NAME !== 'local' ? 'strict' : 'lax',
+      secure: false,
+      sameSite: env.ENVIRONMENT_NAME !== 'local' ? 'strict' : 'none',
       maxAge: 1000 * 60 * env.SESSION_EXPIRATION_IN_MINUTES,
     }),
   );
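Review bot: `secure: false` on the new side sends the session cookie over plain HTTP in every environment, including production, which reverts the very pentest finding the first three patches of this series fixed, and `sameSite: 'none'` for `'local'` is rejected outright by Chromium-based browsers when the `Secure` attribute is absent, so local development may end up with no session cookie at all. If the revert was made because the cookie stopped being set in a deployment where TLS terminates at a proxy (cookie-session documents that a `secure` cookie needs Express to trust the proxy), the fix is to keep `secure: env.ENVIRONMENT_NAME !== 'local',` and `sameSite: env.ENVIRONMENT_NAME !== 'local' ? 'strict' : 'lax',` and add `app.set('trust proxy', 1);` on the Express instance before this middleware, not to drop the flag. If cross-site use is genuinely required somewhere, `'none'` must be paired with `secure: true`, never with `secure: false`. The enclosing `cookieSession(...)` call and `main` start outside the hunk.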