Closed Poc275 closed 7 years ago
Guard against XSS & CSRF by adding:
`cookie: { httpOnly: true, secure: true }`
to the session() object to only set cookies on https and prevent client-side scripts from accessing them. Source: https://blog.logrocket.com/security-for-fullstack-web-developers-part-1-a56340283f7c
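The settings the issue proposes, shown side by side with the defaults they replace, as an added example that is not part of the issue or of this project's code. It assumes the `cookie` option shape of express-session (`httpOnly`, `secure`, `sameSite`, `maxAge` in milliseconds) and needs no packages to run: `renderSetCookie` turns those options into the `Set-Cookie` attributes a browser would receive, and `auditSessionCookie` is a small defender-side check over a captured `Set-Cookie` header. Note that `httpOnly` and `secure` address script access and plaintext transport; the attribute that actually limits cross-site (CSRF) sends is `SameSite`, which is why the hardened block adds it.

```javascript
// Added example; not code from the issue or the project it was filed against.
// Assumption: express-session option names. The secret is a placeholder.

const weakSessionOptions = {
  secret: 'REPLACE-WITH-A-LONG-RANDOM-SECRET', // placeholder value
  resave: false,
  saveUninitialized: false,
  // No cookie block: express-session's defaults are httpOnly: true, secure: false,
  // and no SameSite, so the session id also travels over plain HTTP.
};

const hardenedSessionOptions = {
  ...weakSessionOptions,
  cookie: {
    httpOnly: true,          // not readable via document.cookie (XSS exfiltration)
    secure: true,            // only sent over HTTPS
    sameSite: 'lax',         // not attached to cross-site POSTs (CSRF)
    maxAge: 60 * 60 * 1000,  // one hour, in milliseconds as express-session expects
  },
};

// Render express-session-style cookie options as a Set-Cookie header value.
function renderSetCookie(name, value, cookieOpts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${cookieOpts.path || '/'}`];
  if (cookieOpts.maxAge != null) parts.push(`Max-Age=${Math.floor(cookieOpts.maxAge / 1000)}`);
  if (cookieOpts.httpOnly) parts.push('HttpOnly');
  if (cookieOpts.secure) parts.push('Secure');
  if (cookieOpts.sameSite) {
    const s = String(cookieOpts.sameSite);
    parts.push(`SameSite=${s.charAt(0).toUpperCase()}${s.slice(1).toLowerCase()}`);
  }
  return parts.join('; ');
}

// Parse one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes: {} };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Defender-side check: list the hardening attributes a session cookie lacks.
function auditSessionCookie(header) {
  const { attributes } = parseSetCookie(header);
  const findings = [];
  if (!attributes.httponly) findings.push('missing HttpOnly: readable by injected scripts');
  if (!attributes.secure) findings.push('missing Secure: sent over plain HTTP');
  const sameSite = String(attributes.samesite || '').toLowerCase();
  if (sameSite !== 'lax' && sameSite !== 'strict') {
    findings.push('SameSite not Lax/Strict: attached to cross-site requests');
  }
  return findings;
}

// Constructed sample headers, as a browser would see them from each configuration.
const weakHeader = renderSetCookie('connect.sid', 's:example.sig', {});
const hardenedHeader = renderSetCookie('connect.sid', 's:example.sig', hardenedSessionOptions.cookie);

console.log(weakHeader, '->', auditSessionCookie(weakHeader));
console.log(hardenedHeader, '->', auditSessionCookie(hardenedHeader));
```

Run with `node` to see the weak header flagged on all three points and the hardened one pass. Remember that `secure: true` means the browser simply drops the cookie when the app is reached over HTTP (including behind a TLS-terminating proxy unless Express is told to trust it), so a session that "stops working" after this change is usually the proxy setting, not the cookie option.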