Do not allow so send cookies in cors use case

2016-07-01 20:31:43 +02:00
parent 4aa2ce4501
commit 982bfc313c
1 changed files with 1 additions and 1 deletions
--- a/src/server.js
+++ b/src/server.js
@@ -55,7 +55,7 @@ function initializeExpressSync() {
       .use(json)
       .use(urlencoded)
       .use(middleware.cookieParser())
-       .use(middleware.cors({ origins: [ '*' ], allowCredentials: true }))
+       .use(middleware.cors({ origins: [ '*' ], allowCredentials: false }))
       .use(middleware.session({ secret: 'yellow is blue', resave: true, saveUninitialized: true, cookie: { path: '/', httpOnly: true, secure: false, maxAge: 600000 } }))
       .use(passport.initialize())
       .use(passport.session())