Parent/Guardian Email Reset #594
erinharrington-12 wants to merge 58 commits into projects-non-challenge from
Fix JSON error and add error handling
Indent and Reset code functional again
Documentation Window now using Ivygate's Documentation Window
Added Common Documentation
…for parent/guardian consent
```js
session({
  secret: config.server.sessionSecret || "kipr-simulator-session-secret",
  resave: false,
  saveUninitialized: true,
  cookie: {
    maxAge: 24 * 60 * 60 * 1000, // 24 hours
    httpOnly: true,
    secure: process.env.NODE_ENV === "production" ? true : false, // Enforce secure cookies in production
  },
  name: "kipr_session",
})
```
Code scanning / CodeQL warning: Clear text transmission of sensitive cookie
Copilot Autofix (AI, 6 months ago)
To fix this issue, set the secure attribute of the session cookie to true, which ensures cookies are transmitted only over HTTPS connections. However, if you must support non-HTTPS in development, consider using a warning or, ideally, fail fast when NODE_ENV is not "production" and secure is disabled. The fix involves updating the cookie configuration in the session middleware in express.js (lines 39–43) to always use secure: true. If strict enforcement is problematic for development, output a clear warning when running in insecure mode, or support local development over HTTPS.
In summary:
- Update the cookie configuration in the session middleware to set secure: true.
- Optionally, log or throw an error if NODE_ENV is not "production" and HTTPS is not used.
- No method definitions or extra imports are needed beyond this configuration update.
| @@ -39,7 +39,7 @@ | ||
| cookie: { | ||
| maxAge: 24 * 60 * 60 * 1000, // 24 hours | ||
| httpOnly: true, | ||
| secure: process.env.NODE_ENV === "production" ? true : false, // Enforce secure cookies in production | ||
| secure: true, // Always enforce secure cookies; transmits only over HTTPS | ||
| }, | ||
| name: "kipr_session", | ||
| }) |
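Review bot: the replacement at line 42 hardcodes `secure: true` with no development fallback, so on a plain-HTTP local run the browser never returns `kipr_session` and every login appears to fail silently; keep an explicit, logged development opt-out (the warning the suggestion text itself describes) instead of an unconditional `true`, and if production sits behind a TLS-terminating proxy, pair the secure flag with `app.set("trust proxy", 1)` so express-session sees the connection as HTTPS. The surrounding `httpOnly: true` and 24-hour `maxAge` are fine; `sameSite: "lax"` would be a cheap addition to the same cookie block while it is being touched.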
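The hardened shape of the configuration above, as an added example rather than code from the KIPR Simulator repository: a helper that builds the options object handed to express-session's `session()`, refuses the hardcoded fallback secret in production, keeps the cookie secure by default, and only allows a plain-HTTP cookie when development explicitly opts in (with a returned warning). `buildSessionOptions`, the `ALLOW_INSECURE_COOKIES` variable and the plain `env` object are assumptions made for this example.

```javascript
// Added example, not the project's own code. The env argument is a plain
// object (e.g. process.env) so the function can run and be tested offline.
const DEFAULT_SECRET = "kipr-simulator-session-secret"; // fallback seen in the PR

// Returns { options, warnings }; throws when the setup is unsafe for production.
function buildSessionOptions(env) {
  const production = env.NODE_ENV === "production";
  const warnings = [];

  // 1. The fallback secret is fine for a throwaway dev box, never for production:
  //    anyone who reads the repo could forge session cookies with it.
  const secret = env.SESSION_SECRET || DEFAULT_SECRET;
  if (production && secret === DEFAULT_SECRET) {
    throw new Error("SESSION_SECRET must be set in production");
  }

  // 2. Secure unless development opts out explicitly (assumed variable), and the
  //    opt-out is surfaced as a warning instead of being silent.
  let secure = true;
  if (!production && env.ALLOW_INSECURE_COOKIES === "1") {
    secure = false;
    warnings.push("session cookie will be sent over plain HTTP (development only)");
  }

  const options = {
    secret,
    resave: false,
    // Changed from the PR's `true`: no cookie is issued until something is stored.
    saveUninitialized: false,
    name: "kipr_session",
    cookie: {
      maxAge: 24 * 60 * 60 * 1000, // 24 hours
      httpOnly: true,
      secure,
      sameSite: "lax", // not in the PR; blocks cross-site sends while keeping top-level navigation
    },
  };
  return { options, warnings };
}
```

Behind a TLS-terminating reverse proxy, `secure: true` only works if the app also sets `app.set("trust proxy", 1)`, otherwise express-session sees the upstream connection as plain HTTP and refuses to set the cookie.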
Rename 'Scratch' to 'Graphical' in LanguageSelectCharm for user facing view.
Scene name overlay
Fix reflectance sensor picking invisible meshes
Rename 'Scratch' to 'Graphical'
Add spring 26 game table
In configs/webpack/common.js, the single quotes changed to double quotes, need to change them back.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Adds a button to the waiting page for parental/guardian consent for child to use the Simulator that allows for resetting of the parent/guardian email.