v1.3.1
·
9 commits
to master
since this release
04cb4df
This commit was signed with the committer’s verified signature.
mattoberle
Matt Oberle
#31 - Adds Secure: true for clay-session cookies.
Setting Secure requires app.use('trust proxy', <val>); when performing early SSL termination.
Even if using trust proxy the value of X-Forwarded-Proto must be https for the cookie to be set.
Projects that use multiple proxy layers may need to get creative to convince express-session to set the cookie.
Example:
// Only do this if you trust your proxy configuration!
function xProtocolMiddleware(req, res, next) {
req.headers['x-forwarded-proto'] = 'https';
next();
}
app.use(xProtocolMiddleware);
app.set('trust proxy', true);