From e09b78cf820a04e805cb05f1f30f48f1efee0d37 Mon Sep 17 00:00:00 2001
From: Grant <grant@sc07.company>
Date: Tue, 2 Apr 2024 23:54:53 -0600
Subject: [PATCH] vary express & express-session options depending on
 environment (fixes #21)

---
 packages/server/src/lib/Express.ts | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/packages/server/src/lib/Express.ts b/packages/server/src/lib/Express.ts
index 99473c3..607cc66 100644
--- a/packages/server/src/lib/Express.ts
+++ b/packages/server/src/lib/Express.ts
@@ -16,8 +16,12 @@ export const session = expressSession({
     prefix: process.env.REDIS_SESSION_PREFIX || "canvas_session:",
   }),
   cookie: {
-    sameSite: "none",
     httpOnly: false,
+    ...(process.env.NODE_ENV === "development"
+      ? { sameSite: "none" }
+      : {
+          secure: true,
+        }),
   },
 });
 
@@ -27,6 +31,11 @@ export class ExpressServer {
 
   constructor() {
     this.app = express();
+
+    if (process.env.NODE_ENV === "production") {
+      this.app.set("trust proxy", 1);
+    }
+
     this.httpServer = http.createServer(this.app);
 
     if (process.env.SERVE_CLIENT) {