From 2c9f27b8de58ab93c1eb93f7944c4e2a4405b83e Mon Sep 17 00:00:00 2001
From: Mystikfluu
Date: Wed, 20 Apr 2022 22:29:28 +0200
Subject: [PATCH] set secure to true in cookies

---
 server.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server.js b/server.js
index cf2eba7..0de354f 100644
--- a/server.js
+++ b/server.js
@@ -265,7 +265,7 @@ router.post("/register",async function(req,res) {
 let ip = req.headers['x-forwarded-for'] || req.socket.remoteAddress
 let setTo = username + " " + SHA256(password)
 let cookiesigned = signature.sign(setTo, cookiesecret+ip);
- res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: false });
+ res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: true });
 res.redirect("/user?success=true")
 });
 })
@@ -310,7 +310,7 @@ router.post("/login",async function(req,res) {
 let ip = req.headers['x-forwarded-for'] || req.socket.remoteAddress
 let setTo = username + " " + SHA256(password)
 let cookiesigned = signature.sign(setTo, cookiesecret+ip);
- res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: false });
+ res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: true });
 res.redirect("/user?success=true")
 } else {
 res.redirect("/login?success=false")
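Review bot: The value placed in `AUTH_COOKIE` is still built from `username + " " + SHA256(password)` on the `setTo` line, so the new `httpOnly` and `secure` flags protect a password-derived token rather than a session identifier. If `signature.sign` appends an HMAC to a readable value (its implementation is not visible here), the unsalted SHA-256 of the password is carried in every request for the roughly 115 days that `Math.pow(10,10)` ms allows, and the token cannot be revoked without a password change. I would issue an opaque random identifier instead, e.g. `let setTo = crypto.randomBytes(32).toString("hex")`, mapped to the user server-side, and add `sameSite: "lax"` to the options object. The same lines appear in the `/login` hunk, and both handlers start and end outside the hunks.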
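Review bot: The signing key on the `cookiesigned` line is `cookiesecret+ip`, and `ip` is taken from the request's `x-forwarded-for` header whenever that header is present. Unless a trusted reverse proxy always overwrites the header, the client controls this value, so the IP binding does not protect a copied cookie, yet it still invalidates sessions for users whose address changes. Assuming this is an Express app, prefer `let ip = req.ip` with the `trust proxy` setting configured for the real proxy chain. The `/register` hunk has the same line.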