From 603f38418977321f1606503e58dfcf35aa64d7a3 Mon Sep 17 00:00:00 2001
From: Koushik Dutta
Date: Sun, 12 Jun 2022 10:33:22 -0700
Subject: [PATCH] server: fix insecure http login
---
 server/package-lock.json | 4 ++--
 server/package.json | 2 +-
 server/src/scrypted-server-main.ts | 6 ++++--
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/server/package-lock.json b/server/package-lock.json
index 6079f111f..a61027a0e 100644
--- a/server/package-lock.json
+++ b/server/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "@scrypted/server",
- "version": "0.1.2",
+ "version": "0.1.4",
 "lockfileVersion": 2,
 "requires": true,
 "packages": {
 "": {
 "name": "@scrypted/server",
- "version": "0.1.2",
+ "version": "0.1.4",
 "license": "ISC",
 "dependencies": {
 "@mapbox/node-pre-gyp": "^1.0.8",
diff --git a/server/package.json b/server/package.json
index c972a8410..fae64f6db 100644
--- a/server/package.json
+++ b/server/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@scrypted/server",
- "version": "0.1.2",
+ "version": "0.1.4",
 "description": "",
 "dependencies": {
 "@mapbox/node-pre-gyp": "^1.0.8",
diff --git a/server/src/scrypted-server-main.ts b/server/src/scrypted-server-main.ts
index d2dac5eb4..87fd76175 100644
--- a/server/src/scrypted-server-main.ts
+++ b/server/src/scrypted-server-main.ts
@@ -400,7 +400,8 @@ async function start() {
 const login_user_token = `${username}#${timestamp}`;
 res.cookie('login_user_token', login_user_token, {
 maxAge,
- secure: true,
+ // enabling this will disable insecure http login...
+ // secure: true,
 signed: true,
 httpOnly: true,
 sameSite: 'none',
@@ -442,7 +443,8 @@ async function start() {
 const login_user_token = `${username}#${timestamp}`
 res.cookie('login_user_token', login_user_token, {
 maxAge,
- secure: true,
+ // enabling this will disable insecure http login...
+ // secure: true,
 signed: true,
 httpOnly: true,
 sameSite: 'none',
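Review bot: Commenting out `secure: true` in both `res.cookie('login_user_token', …)` calls (the hunks at -400 and -442) removes the flag for HTTPS logins as well, so a session token issued over TLS can later be sent on any plaintext request to the same host and read by a network observer. The option that stays, `sameSite: 'none'`, is a second problem: Chromium-based browsers reject a `SameSite=None` cookie that lacks `Secure`, so the HTTP login this commit is meant to restore may still fail to persist there. Deriving both attributes from the request would keep HTTPS sessions protected, for example `secure: req.secure,` and `sameSite: req.secure ? 'none' : 'lax',`. That assumes the Express `req` is in scope at these call sites (the handler signatures are outside the hunks) and that `trust proxy` is set if TLS terminates upstream. The two option objects are identical, so a shared cookie-options helper would keep them from drifting apart.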