Closed hiyaryan closed 8 months ago
This PR is now closed. For simplicity's sake, the dev environment will be kept over http. Using https will require anyone who clones this repository to be a certificate authority in order to run the application. While it's important to know how the application functions over https (as close to production as it can get), this can be applied from within the production environment itself.
This (attempts) to make the local development servers (vite and express) serve over https, which will make the development environment look closer to actual production. The first commits set up `cors` (on both vite and express) and `session` (in only express) to run only securely on both production and development environments. Some additional security practices have been implemented, such as moving all exposed urls to .env, and minor errors have been resolved, such as removing the account icon that did not load from its original src.

Note that in order to run the server over HTTPS you need your own SSL Certificate Authority (CA), and certificates need to be loaded into the servers requesting HTTPS access. This website provides a good reference to becoming a tiny CA and creating the certificates needed. Even having followed this and imported certificates into the servers, the browser still doesn't recognize the site as secure even with it being served as `https` (see Issue #28 for more information).