hiyaryan / the-cdj

The Cognitive Distortion Journal (CDJ) is a smart journaling tool that helps remedy distorted thinking. It can feel impossible to follow the CBT technique of labeling distorted thinking and finding alternative modes of thought (i.e. reframing) while cognitive distortions are occurring. The CDJ does that work for you. -- The CDJ is in beta testing!!
https://thecdj.app

Upgrade local dev environment to https. #27

Closed hiyaryan closed 8 months ago

hiyaryan commented 9 months ago

This (attempts) to make the local development servers (vite and express) serve over https, which will make the development environment look closer to actual production. The first commits set up cors (on both vite and express) and session (in only express) to run only securely on both production and development environments. Some additional security practices have been implemented, such as moving all exposed urls to .env, and minor errors are resolved, such as removing the account icon that did not load from its original src.

Note that in order to run the server over HTTPS you need your own SSL Certificate Authority (CA), and certificates need to be loaded into the servers requesting HTTPS access. This website provides a good reference to becoming a tiny CA and creating the certificates needed. Even having followed this and imported certificates into the servers, the browser still doesn't recognize the site as secure even with it being served as https (see Issue #28 for more information).

hiyaryan commented 8 months ago

This PR is now closed. For simplicity's sake, the dev environment will be kept over http. Using https will require anyone who clones this repository to be a certificate authority in order to run the application. While it's important to know how the application functions over https (as close to production as it can get), this can be applied from within the production environment itself.
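One way the "secure only" cors and session setup from the PR description could be driven from .env values, as an added example that is not code from this PR or the the-cdj repository. The variable names `CLIENT_URLS` and `SESSION_SECRET` and both helper functions are hypothetical; the option keys are the ones the `cors` and `express-session` middleware accept.

```javascript
// Added example. CLIENT_URLS and SESSION_SECRET are hypothetical .env names,
// not variables taken from the-cdj repository.

// Parse a comma-separated list of origins and accept only well-formed https ones.
function parseHttpsOrigins(raw) {
  return (raw || '')
    .split(',')
    .map((s) => s.trim())
    .filter(Boolean)
    .map((s) => {
      const url = new URL(s); // throws on malformed input
      if (url.protocol !== 'https:') {
        throw new Error(`refusing non-https origin: ${s}`);
      }
      return url.origin; // normalises away paths and trailing slashes
    });
}

// Build option objects in the shape the `cors` and `express-session`
// middleware accept, from a process.env-like object.
function buildSecurityOptions(env) {
  const allowed = new Set(parseHttpsOrigins(env.CLIENT_URLS));
  if (allowed.size === 0) throw new Error('CLIENT_URLS is empty');
  if (!env.SESSION_SECRET) throw new Error('SESSION_SECRET is not set');

  const corsOptions = {
    credentials: true, // the session cookie must travel with cross-origin requests
    origin(origin, callback) {
      // Requests without an Origin header (curl, same-origin) pass through.
      if (!origin || allowed.has(origin)) return callback(null, true);
      return callback(new Error(`origin not allowed: ${origin}`));
    },
  };

  const sessionOptions = {
    secret: env.SESSION_SECRET,
    resave: false,
    saveUninitialized: false,
    // Assumes client and API share a site; a cross-site deployment needs sameSite 'none'.
    cookie: { secure: true, httpOnly: true, sameSite: 'lax' },
  };
  return { corsOptions, sessionOptions };
}
```

With `cookie.secure` set to true, express-session does not set the cookie on a plain http connection, so an http dev environment needs that flag relaxed outside production.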