chore(release): 0.23.3 [skip ci]

## [0.23.3](https://github.com/sasjs/server/compare/v0.23.2...v0.23.3) (2022-10-09) ### Bug Fixes * added domain for session cookies ([94072c3](94072c3d24))
Merge pull request #302 from sasjs/cookies-with-domain
2025-12-10 19:34:34 +00:00 · 2022-10-09 20:32:07 +00:00 · 2022-10-09 21:26:40 +01:00 · 2022-10-10 00:48:13 +05:00 · 2022-10-09 22:08:01 +05:00 · 2022-10-06 12:41:15 +00:00
8 changed files with 42 additions and 24 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,19 @@
+## [0.23.3](https://github.com/sasjs/server/compare/v0.23.2...v0.23.3) (2022-10-09)
+
+
+### Bug Fixes
+
+* added domain for session cookies ([94072c3](https://github.com/sasjs/server/commit/94072c3d24a4d0d4c97900dc31bfbf1c9d2559b7))
+
+## [0.23.2](https://github.com/sasjs/server/compare/v0.23.1...v0.23.2) (2022-10-06)
+
+
+### Bug Fixes
+
+* bump in correct place ([14731e8](https://github.com/sasjs/server/commit/14731e8824fa9f3d1daf89fd62f9916d5e3fcae4))
+* bumping sasjs/score ([258cc35](https://github.com/sasjs/server/commit/258cc35f14cf50f2160f607000c60de27593fd79))
+* reverting commit ([fda0e0b](https://github.com/sasjs/server/commit/fda0e0b57d56e3b5231e626a8d933343ac0c5cdc))
+
 ## [0.23.1](https://github.com/sasjs/server/compare/v0.23.0...v0.23.1) (2022-10-04)


--- a/api/.env.example
+++ b/api/.env.example
@@ -1,5 +1,6 @@
 MODE=[desktop|server] default considered as desktop
 CORS=[disable|enable] default considered as disable for server MODE & enable for desktop MODE
+ALLOWED_DOMAIN=<just domain e.g. example.com >
 WHITELIST=<space separated urls, each starting with protocol `http` or `https`>

 PROTOCOL=[http|https] default considered as http
--- a/api/package-lock.json
+++ b/api/package-lock.json
@@ -8,7 +8,7 @@
      "name": "api",
      "version": "0.0.2",
      "dependencies": {
-        "@sasjs/core": "^4.31.3",
+        "@sasjs/core": "^4.40.1",
        "@sasjs/utils": "2.48.1",
        "bcryptjs": "^2.4.3",
        "connect-mongo": "^4.6.0",
@@ -1394,9 +1394,9 @@
      }
    },
    "node_modules/@sasjs/core": {
-      "version": "4.31.3",
-      "resolved": "https://registry.npmjs.org/@sasjs/core/-/core-4.31.3.tgz",
-      "integrity": "sha512-TpVqWl5bqp3JTQjIg0r4WiQg7Ima5f17eAJILJbdYDdXsnLXlA/Csbb95G7eDPhzWpM3C0NrzKek3yvCMGzXIA=="
+      "version": "4.40.1",
+      "resolved": "https://registry.npmjs.org/@sasjs/core/-/core-4.40.1.tgz",
+      "integrity": "sha512-hVEVnH8tej57Cran/X/iUoDms7EoL+2fwAPvjQMgHBHh8ynsF8aqYBreiRCwbrvdrjBsnmayOVh2RiQLtfHhoQ=="
    },
    "node_modules/@sasjs/utils": {
      "version": "2.48.1",
@@ -11135,9 +11135,9 @@
      }
    },
    "@sasjs/core": {
-      "version": "4.31.3",
-      "resolved": "https://registry.npmjs.org/@sasjs/core/-/core-4.31.3.tgz",
-      "integrity": "sha512-TpVqWl5bqp3JTQjIg0r4WiQg7Ima5f17eAJILJbdYDdXsnLXlA/Csbb95G7eDPhzWpM3C0NrzKek3yvCMGzXIA=="
+      "version": "4.40.1",
+      "resolved": "https://registry.npmjs.org/@sasjs/core/-/core-4.40.1.tgz",
+      "integrity": "sha512-hVEVnH8tej57Cran/X/iUoDms7EoL+2fwAPvjQMgHBHh8ynsF8aqYBreiRCwbrvdrjBsnmayOVh2RiQLtfHhoQ=="
    },
    "@sasjs/utils": {
      "version": "2.48.1",
--- a/api/package.json
+++ b/api/package.json
@@ -48,7 +48,7 @@
  },
  "author": "4GL Ltd",
  "dependencies": {
-    "@sasjs/core": "^4.31.3",
+    "@sasjs/core": "^4.40.1",
    "@sasjs/utils": "2.48.1",
    "bcryptjs": "^2.4.3",
    "connect-mongo": "^4.6.0",
--- a/api/src/app-modules/configureExpressSession.ts
+++ b/api/src/app-modules/configureExpressSession.ts
@@ -1,10 +1,9 @@
-import { Express } from 'express'
+import { Express, CookieOptions } from 'express'
 import mongoose from 'mongoose'
 import session from 'express-session'
 import MongoStore from 'connect-mongo'

-import { ModeType } from '../utils'
-import { cookieOptions } from '../app'
+import { ModeType, ProtocolType } from '../utils'

 export const configureExpressSession = (app: Express) => {
  const { MODE } = process.env
@@ -19,6 +18,15 @@ export const configureExpressSession = (app: Express) => {
      })
    }

+    const { PROTOCOL, ALLOWED_DOMAIN } = process.env
+    const cookieOptions: CookieOptions = {
+      secure: PROTOCOL === ProtocolType.HTTPS,
+      httpOnly: true,
+      sameSite: PROTOCOL === ProtocolType.HTTPS ? 'none' : undefined,
+      maxAge: 24 * 60 * 60 * 1000, // 24 hours
+      domain: ALLOWED_DOMAIN?.trim() || undefined
+    }
+
    app.use(
      session({
        secret: process.secrets.SESSION_SECRET,
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -1,5 +1,5 @@
 import path from 'path'
-import express, { ErrorRequestHandler, CookieOptions } from 'express'
+import express, { ErrorRequestHandler } from 'express'
 import cookieParser from 'cookie-parser'
 import dotenv from 'dotenv'

@@ -8,7 +8,6 @@ import {
  getWebBuildFolder,
  instantiateLogger,
  loadAppStreamConfig,
-  ProtocolType,
  ReturnCode,
  setProcessVariables,
  setupFolders,
@@ -29,15 +28,6 @@ if (verifyEnvVariables()) process.exit(ReturnCode.InvalidEnv)

 const app = express()

-const { PROTOCOL } = process.env
-
-export const cookieOptions: CookieOptions = {
-  secure: PROTOCOL === ProtocolType.HTTPS,
-  httpOnly: true,
-  sameSite: PROTOCOL === ProtocolType.HTTPS ? 'none' : undefined,
-  maxAge: 24 * 60 * 60 * 1000 // 24 hours
-}
-
 const onError: ErrorRequestHandler = (err, req, res, next) => {
  console.error(err.stack)
  res.status(500).send('Something broke!')
--- a/api/src/routes/web/web.ts
+++ b/api/src/routes/web/web.ts
@@ -14,7 +14,10 @@ webRouter.get('/', async (req, res) => {
  } catch (_) {
    response = '<html><head></head><body>Web Build is not present</body></html>'
  } finally {
-    const codeToInject = `<script>document.cookie = 'XSRF-TOKEN=${generateCSRFToken()}; Max-Age=86400; SameSite=Strict; Path=/;'</script>`
+    const { ALLOWED_DOMAIN } = process.env
+    const allowedDomain = ALLOWED_DOMAIN?.trim()
+    const domain = allowedDomain ? ` Domain=${allowedDomain};` : ''
+    const codeToInject = `<script>document.cookie = 'XSRF-TOKEN=${generateCSRFToken()};${domain} Max-Age=86400; SameSite=Strict; Path=/;'</script>`
    const injectedContent = response?.replace(
      '</head>',
      `${codeToInject}</head>`
--- a/api/src/utils/verifyEnvVariables.ts
+++ b/api/src/utils/verifyEnvVariables.ts
@@ -267,7 +267,7 @@ const verifyRUN_TIMES = (): string[] => {
  return errors
 }

-const verifyExecutablePaths = () => {
+const verifyExecutablePaths = (): string[] => {
  const errors: string[] = []
  const { RUN_TIMES, SAS_PATH, NODE_PATH, PYTHON_PATH, R_PATH, MODE } =
    process.env
Author	SHA1	Message	Date
semantic-release-bot	de3a190a8d	chore(release): 0.23.3 [skip ci] ## [0.23.3](https://github.com/sasjs/server/compare/v0.23.2...v0.23.3) (2022-10-09) ### Bug Fixes * added domain for session cookies ([`94072c3`](`94072c3d24`))	2022-10-09 20:32:07 +00:00
Allan Bowe	d5daafc6ed	Merge pull request #302 from sasjs/cookies-with-domain fix: added domain for session cookies	2022-10-09 21:26:40 +01:00
Saad Jutt	b1a2677b8c	chore: specified domain for cookie for csrf as well	2022-10-10 00:48:13 +05:00
Saad Jutt	94072c3d24	fix: added domain for session cookies	2022-10-09 22:08:01 +05:00
semantic-release-bot	b64c0c12da	chore(release): 0.23.2 [skip ci] ## [0.23.2](https://github.com/sasjs/server/compare/v0.23.1...v0.23.2) (2022-10-06) ### Bug Fixes * bump in correct place ([`14731e8`](`14731e8824`)) * bumping sasjs/score ([`258cc35`](`258cc35f14`)) * reverting commit ([`fda0e0b`](`fda0e0b57d`))	2022-10-06 12:41:15 +00:00
Allan Bowe	79bc7b0e28	Merge pull request #300 from sasjs/corebump fix: bumping sasjs/score	2022-10-06 13:36:20 +01:00
Allan Bowe	fda0e0b57d	fix: reverting commit	2022-10-06 12:35:59 +00:00
Allan Bowe	14731e8824	fix: bump in correct place	2022-10-06 12:34:48 +00:00
Allan Bowe	258cc35f14	fix: bumping sasjs/score	2022-10-06 12:32:13 +00:00