Merge branch 'main' into dependabot/npm_and_yarn/elliptic-6.6.1

hpi-schul-cloud · Feb 18, 2025 · f93c6c9 · f93c6c9
2 parents 2082a9d + 4faad58
commit f93c6c9
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 3 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/node:22 as git
+FROM docker.io/node:22 AS git
 
 RUN mkdir /app && chown -R node:node /app
 WORKDIR /app
@@ -55,4 +55,4 @@ COPY --from=git /app/version /home/node/app/static/version
 # "build" .. this basically throws out non relevant files for the theme under build and does scss to css stuff
 RUN export NODE_OPTIONS=--openssl-legacy-provider && node node_modules/gulp/bin/gulp.js clear-cache && node node_modules/gulp/bin/gulp.js
 
-CMD npm start
+CMD ["npm", "start"]
diff --git a/app.js b/app.js
@@ -140,7 +140,9 @@ if (redisUrl) {
 const SIX_HOURS = 1000 * 60 * 60 * 6;
 app.use(session({
 	cookie: {
-		// TODO ...cookieDefaults,
+		httpOnly: true,
+		sameSite: Configuration.get('SESSION_COOKIE_SAME_SITE'),
+		secure: 'auto',
 		maxAge: SIX_HOURS,
 	},
 	rolling: true, // refresh session with every request within maxAge

diff --git a/config/default.schema.json b/config/default.schema.json
@@ -279,6 +279,11 @@
 			"default": "",
 			"description": "A string with concatenated user types (student, employee) that don't need to explicitly state their consent with the terms and conditions. \"employee\" means teachers and admins"
 		},
+		"SESSION_COOKIE_SAME_SITE": {
+			"type": "string",
+			"default": "strict",
+			"description": "express-session cookie samesite attribute"
+		},
 		"COOKIE": {
 			"type": "object",
 			"description": "Cookie properties, required always to be defined",