Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add secureProxy option to the cookie session #294

Merged
merged 52 commits into from
Feb 16, 2021
Merged

Add secureProxy option to the cookie session #294

merged 52 commits into from
Feb 16, 2021

Conversation

kryswisnaskas
Copy link
Collaborator

@kryswisnaskas kryswisnaskas commented Feb 12, 2021
edited by rahearn
Loading

Description of change
Small change to add explicit option to the cookie used for session management.

plus the changes for issue 5

How to test

Issue(s)

Checklist

  • Meets issue criteria
  • Code tested
  • Meets accessibility standards (WCAG 2.1 Levels A, AA)
  • Documentation updated

kryswisnaskas and others added 30 commits January 27, 2021 12:47
@kryswisnaskas
Landing page checkpoint commit
cedfeb0
@kryswisnaskas
Added sorting
a716599
@kryswisnaskas
Merge branch 'main' of https://github.com/adhocteam/Head-Start-TTADP
a2bd6c0 
…into kw-display-reports
@kryswisnaskas
Merge branch 'main' of https://github.com/adhocteam/Head-Start-TTADP
69ccf13 
…into kw-display-reports
@kryswisnaskas
Added tests, empty report
75f7639
@kryswisnaskas
Correct merge error
6431825
@kryswisnaskas
Fix merge issue
6de8f8e
@kryswisnaskas
Fix lint errors
67566d3
@kryswisnaskas
Remove unused module
4b6a542
@kryswisnaskas
Merge branch 'main' of https://github.com/adhocteam/Head-Start-TTADP
7d9805f 
…into kw-display-reports
@kryswisnaskas
Fix merge conflict
95b3a38
@kryswisnaskas
Fix lint errors
04bba1c
@kryswisnaskas
Added more tests
e4dae31
@kryswisnaskas
Fix lint errors
158b2cd
@kryswisnaskas
Merge branch 'main' into kw-display-reports
a99fe60
@kryswisnaskas
Merge branch 'js-282-fix-cucumber-tests' of https://github.com/adhoct…
664b52f 
…eam/Head-Start-TTADP into kw-display-reports
@kryswisnaskas
Merge branch 'kw-display-reports' of https://github.com/adhocteam/Hea…
0561da4 
…d-Start-TTADP into kw-display-reports
@kryswisnaskas
Modified cucumber test
a21b9d2
@kryswisnaskas
Modified cucumber test
f106cc2
@kryswisnaskas
Fix cucumber test
55c78db
@kryswisnaskas
Update open api doc
809a57b
@kryswisnaskas
Add role acronyms to display
4b8a95d
@kryswisnaskas
Fix new eslint errors
e4e51ec
@kryswisnaskas
Fix new eslint errors
23cf654
@kryswisnaskas
Combine values from multiples
253e568
@kryswisnaskas
Remove whitespace to satisfy eslint
4af7bd8
@kryswisnaskas
Adjust test
c3b37b4
@kryswisnaskas
Merge branch 'main' of https://github.com/adhocteam/Head-Start-TTADP
1da28b0 
…into kw-display-reports
@kryswisnaskas
Remove sorting
ff3b8b5
@kryswisnaskas
Remove blank lines
6c5e287
kryswisnaskas and others added 15 commits February 10, 2021 11:50
@kryswisnaskas
Merge branch 'main' of https://github.com/adhocteam/Head-Start-TTADP
3d4b1ac 
…into kw-display-reports
@kryswisnaskas
Fix merge issue
3d8382b
@kryswisnaskas
Merge branch 'main' into kw-display-reports
8751dcf
@kryswisnaskas
Add explicit cookie session options
fa3f81e
@kryswisnaskas
Added scrollbars; removed test; modified styles
1b1ce8c
@kryswisnaskas
Merge branch 'kw-display-reports' of https://github.com/adhocteam/Hea…
cdc95f1 
…d-Start-TTADP into kw-display-reports
@kryswisnaskas
Update yarn.lock
112ccd6
@kryswisnaskas
Fix lint errors
f3881d1
@kryswisnaskas
Merge branch 'main' into kw-display-reports
c1f7ba4
@rahearn
Merge branch 'main' into kw-display-reports
9189f61
@kryswisnaskas
Merge branch 'main' into kw-secure-cookie
6740fd5
@kryswisnaskas
Remove one of secure cookie settings
4ba76a9
@kryswisnaskas
Merge branch 'kw-secure-cookie' of https://github.com/adhocteam/Head-…
61cb04e 
…Start-TTADP into kw-secure-cookie
@kryswisnaskas
Merge pull request #163 from adhocteam/kw-secure-cookie
55a2a37 
Add explicit cookie-session options
@kryswisnaskas
Merge branch 'main' into kw-display-reports
c0394f1
kryswisnaskas and others added 5 commits February 12, 2021 17:39
@kryswisnaskas
Merge pull request #150 from adhocteam/kw-display-reports
5896310 
Display reports
Try limiting workers for frontend tests
027759a 
To eliminate `Call retries were exceeded` error for frontend tests
Add --maxWorkers=50% as suggested at
jestjs/jest#8769
@dcmcand
Merge pull request #168 from adhocteam/cm-limit-workers-for-frontend-…
2524544 
…tests

Try limiting workers for frontend tests
Extend yarn commands and add resources for backend
8eb824d
@gopar
Merge pull request #172 from adhocteam/new-cmds-and-info
5d53681 
Extend yarn commands and add resources for backend
rahearn
rahearn requested changes Feb 16, 2021
View reviewed changes
Copy link
Contributor

@rahearn rahearn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please make this slight tweak to ensure that non-ssl local development still works with HSES login.

src/app.js Outdated
@@ -29,6 +29,7 @@ app.use(cookieSession({

// Cookie Options. httpOnly is set by default to true for https
sameSite: 'lax',
secureProxy: true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great in dev, but seems to be breaking cookies in my local environment, preventing any logins when BYPASS_AUTH is false.

Suggested change
secureProxy: true,
secureProxy: (process.env.NODE_ENV === 'production'),

src/README.md
@@ -0,0 +1,25 @@
# TTADP Backend
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome add!

@kryswisnaskas
Copy link
Collaborator Author

Thanks for finding this. Created adhocteam#174 since I wasn't able to commit the suggested change here.

@kryswisnaskas
Merge pull request #174 from adhocteam/conditional-setting
6f2a3f4 
Make secureProxy setting conditional
@rahearn rahearn merged commit e823b25 into HHS:main Feb 16, 2021
rahearn pushed a commit that referenced this pull request May 26, 2021
@dcloud
Merge pull request #294 from adhocteam/TTAHUB-121/website-tracking
17575e0 
[TTAHUB-121]: Create ADR for using New Relic for web analytics.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rahearn rahearn rahearn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Session cookies secure flag not properly set Display list of Activity Reports
4 participants
@kryswisnaskas @rahearn @dcmcand @gopar