feat: Additional httpOnly token for enhanced security in browsers

2025-08-05 21:45:30 +02:00 · 2024-09-01 09:31:04 +02:00 · 2024-09-01 09:31:04 +02:00 · 50519f1bcd
commit 50519f1bcd
parent d4043c9726
18 changed files with 171 additions and 48 deletions
--- a/server/config/custom.js
+++ b/server/config/custom.js
@ -8,9 +8,12 @@
 * https://sailsjs.com/config/custom
 */

+const url = require('url');
 const path = require('path');
 const sails = require('sails');

+const parsedBasedUrl = new url.URL(process.env.BASE_URL);
+
 module.exports.custom = {
  /**
   *
@ -19,6 +22,8 @@ module.exports.custom = {
   */

  baseUrl: process.env.BASE_URL,
+  baseUrlPath: parsedBasedUrl.pathname,
+  baseUrlSecure: parsedBasedUrl.protocol === 'https:',

  tokenExpiresIn: parseInt(process.env.TOKEN_EXPIRES_IN, 10) || 365,

--- a/server/config/env/production.js
+++ b/server/config/env/production.js
@ -23,6 +23,8 @@ const url = require('url');

 const { customLogger } = require('../../utils/logger');

+const parsedBasedUrl = new url.URL(process.env.BASE_URL);
+
 module.exports = {
  /**
   *
@ -131,9 +133,10 @@ module.exports = {
     */

    cors: {
-      // allowOrigins: [
-      //   'https://example.com',
-      // ],
+      allRoutes: false,
+      allowOrigins: '*',
+      allowRequestHeaders: 'content-type',
+      allowCredentials: false,
    },
  },

@ -218,7 +221,7 @@ module.exports = {
     *
     */

-    onlyAllowOrigins: [new url.URL(process.env.BASE_URL).origin],
+    onlyAllowOrigins: [parsedBasedUrl.origin],

    /**
     *