fixed tests and package vulnerabilities

2026-01-17 11:12:40 -05:00
parent cf97dffbfb
commit f58178a253
12 changed files with 4432 additions and 2412 deletions
--- a/backend/middleware/csrf.js
+++ b/backend/middleware/csrf.js
@@ -59,7 +59,7 @@ const generateCSRFToken = (req, res, next) => {
  // Set token in cookie (httpOnly for security)
  res.cookie("csrf-token", token, {
    httpOnly: true,
-    secure: process.env.NODE_ENV !== "dev",
+    secure: ["production", "prod", "qa"].includes(process.env.NODE_ENV),
    sameSite: "strict",
    maxAge: 60 * 60 * 1000, // 1 hour
  });
@@ -79,7 +79,7 @@ const getCSRFToken = (req, res) => {

  res.cookie("csrf-token", token, {
    httpOnly: true,
-    secure: process.env.NODE_ENV !== "dev",
+    secure: ["production", "prod", "qa"].includes(process.env.NODE_ENV),
    sameSite: "strict",
    maxAge: 60 * 60 * 1000,
  });