fix: Add samesite to cookies for better security (#992)

Fixes HDX-1920
This commit is contained in:
Tom Alexander 2025-07-11 11:56:44 -04:00 committed by GitHub
parent 973b9e8d0a
commit a4f2afa539
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 6 additions and 0 deletions

View file

@ -0,0 +1,5 @@
---
"@hyperdx/api": patch
---
fix: Add samesite to cookies for better security

View file

@ -26,6 +26,7 @@ const sess: session.SessionOptions & { cookie: session.CookieOptions } = {
secret: config.EXPRESS_SESSION_SECRET,
cookie: {
secure: false,
sameSite: 'lax',
maxAge: 1000 * 60 * 60 * 24 * 30, // 30 days
},
rolling: true,