openclaw/oikos
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
28cf38891767b8d08627cd3745e00898e2e9f2f7
oikos/server/middleware
T
History
Ulas 59791df248 fix: enforce Secure flag on session and CSRF cookies by default 
Cookies were sent without Secure flag outside of production (NODE_ENV check).
New logic: secure=true by default; set SESSION_SECURE=false in .env to
allow HTTP explicitly (local dev without reverse proxy). Affects session
cookie, CSRF cookie in login handler, and CSRF middleware.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-01 18:34:31 +02:00
..
csrf.js
fix: enforce Secure flag on session and CSRF cookies by default
2026-04-01 18:34:31 +02:00
validate.js
fix: Input-Validation auf allen API-Routen vereinheitlichen (Phase 5, Schritt 27)
2026-03-26 00:23:57 +01:00