Dockery/Trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2026-05-07 01:16:15 +02:00
Code Issues Packages Projects Releases Activity

refactor(cookiePath): remove non-working cookiePath option

Browse Source 
this option will currently not work => the cookie will never
be set by the server, if you use a different path other than "/"

in order for this to work we would need to introduce some kind of
"custom route prefix", that would make express serve the routes with
the custom prefix — but that kinda falls more into a reverse proxy
job territory.

So let's remove this feature for now and amend the docs on how to
correctly handle the cookies per instance via the reverse proxy.
This commit is contained in:
Panagiotis Papadopoulos
2025-04-12 12:08:26 +02:00
committed by Panagiotis Papadopoulos
parent 78778305ff
commit a979e87a7f
4 changed files with 2 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/routes/csrf_protection.ts
View File

@@ -1,12 +1,11 @@
import { doubleCsrf } from "csrf-csrf";
import sessionSecret from "../services/session_secret.js";
import { isElectron } from "../services/utils.js";
import config from "../services/config.js";
const doubleCsrfUtilities = doubleCsrf({
getSecret: () => sessionSecret,
cookieOptions: {
path: config.Session.cookiePath,
path: "/",
secure: false,
sameSite: "strict",
httpOnly: !isElectron // set to false for Electron, see https://github.com/TriliumNext/Notes/pull/966

2
src/routes/session_parser.ts
View File

@@ -11,7 +11,7 @@ const sessionParser = session({
resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request.
saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified.
cookie: {
path: config.Session.cookiePath,
path: "/",
httpOnly: true,
maxAge: config.Session.cookieMaxAge * 1000 // needs value in milliseconds
},

4
src/services/config.ts
View File

@@ -31,7 +31,6 @@ export interface TriliumConfig {
trustedReverseProxy: boolean | string;
};
Session: {
cookiePath: string;
cookieMaxAge: number;
};
Sync: {
@@ -84,9 +83,6 @@ const config: TriliumConfig = {
},
Session: {
cookiePath:
process.env.TRILIUM_SESSION_COOKIEPATH || iniConfig?.Session?.cookiePath || "/",
cookieMaxAge:
parseInt(String(process.env.TRILIUM_SESSION_COOKIEMAXAGE)) || parseInt(iniConfig?.Session?.cookieMaxAge) || 21 * 24 * 60 * 60 // 21 Days in Seconds
},