Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-07-29 19:12:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1686 from TriliumNext/refactor_remove-cookiePath

Browse Source 
refactor(cookiePath): remove non-working cookiePath option
This commit is contained in:
Elian Doran 2025-04-13 17:12:25 +03:00 committed by GitHub
commit 9d1e99f2e8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 55 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
data-docs/config.ini
View File

@ -30,13 +30,6 @@ trustedReverseProxy=false
[Session] [Session]
# Use this setting to set a custom value for the "Path" Attribute value of the session cookie.
# This can be useful, when you have several instances running on the same domain, under different paths (e.g. by using a reverse proxy).
# It prevents your instances from overwriting each others' cookies, allowing you to stay logged in multiple instances simultanteously.
# E.g. if you have instances running under https://your-domain.com/triliumNext/instanceA and https://your-domain.com/triliumNext/instanceB
# you would want to set the cookiePath value to "/triliumNext/instanceA" for your first and "/triliumNext/instanceB" for your second instance
cookiePath=/
# Use this setting to set a custom value for the "Max-Age" Attribute of the session cookie. # Use this setting to set a custom value for the "Max-Age" Attribute of the session cookie.
# This controls how long your session will be valid, before it expires and you need to log in again, when you use the "Remember Me" option. # This controls how long your session will be valid, before it expires and you need to log in again, when you use the "Remember Me" option.
# Value needs to be entered in Seconds. # Value needs to be entered in Seconds.

29
docs/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Nginx.md
View File

@ -27,7 +27,7 @@ Configure Nginx proxy and HTTPS. The operating system here is Ubuntu 18.04.
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log; #check the path of access.log, if it doesn't fit your file, change it access_log /var/log/nginx/access.log; #check the path of access.log, if it doesn't fit your file, change it
location / { location / {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
@ -40,10 +40,31 @@ Configure Nginx proxy and HTTPS. The operating system here is Ubuntu 18.04.
proxy_redirect http://127.0.0.1:8080 https://trilium.example.net; # change them based on your IP, port and domain proxy_redirect http://127.0.0.1:8080 https://trilium.example.net; # change them based on your IP, port and domain
} }
} }
# This part is for HTTPS forced # This part is for HTTPS forced
server { server {
listen 80; listen 80;
server_name trilium.example.net; # change to your domain server_name trilium.example.net; # change to your domain
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
} }
```
4. Alternatively if you want to serve the instance under a different path (useful e.g. if you want to serve multiple instances), update the location block like so:
* update the location with your desired path (make sure to not leave a trailing slash "/", if your `proxy_pass` does not end on a slash as well)
* add the `proxy_cookie_path` directive with the same path: this allows you to stay logged in at multiple instances at the same time.
```
location /trilium/instance-one {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:8080; # change it to a different port if non-default is used
proxy_cookie_path / /trilium/instance-one
proxy_read_timeout 90;
proxy_redirect http://127.0.0.1:8080 https://trilium.example.net; # change them based on your IP, port and domain
}
``` ```

32
src/public/app/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Nginx.html generated
View File

@ -21,7 +21,7 @@ server {
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log; #check the path of access.log, if it doesn't fit your file, change it access_log /var/log/nginx/access.log; #check the path of access.log, if it doesn't fit your file, change it
location / { location / {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
@ -34,11 +34,35 @@ server {
proxy_redirect http://127.0.0.1:8080 https://trilium.example.net; # change them based on your IP, port and domain proxy_redirect http://127.0.0.1:8080 https://trilium.example.net; # change them based on your IP, port and domain
} }
} }
# This part is for HTTPS forced # This part is for HTTPS forced
server { server {
listen 80; listen 80;
server_name trilium.example.net; # change to your domain server_name trilium.example.net; # change to your domain
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
}</code></pre> }</code></pre>
</li> </li>
<li>
<p>Alternatively if you want to serve the instance under a different path
(useful e.g. if you want to serve multiple instances), update the location
block like so:</p>
<ul>
<li>update the location with your desired path (make sure to not leave a trailing
slash "/", if your <code>proxy_pass</code> does not end on a slash as well)</li>
<li>add the <code>proxy_cookie_path</code> directive with the same path: this
allows you to stay logged in at multiple instances at the same time.</li>
</ul><pre><code class="language-text-x-trilium-auto"> location /trilium/instance-one {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:8080; # change it to a different port if non-default is used
proxy_cookie_path / /trilium/instance-one
proxy_read_timeout 90;
proxy_redirect http://127.0.0.1:8080 https://trilium.example.net; # change them based on your IP, port and domain
}
</code></pre>
</li>
</ol> </ol>

3
src/routes/csrf_protection.ts
View File

@ -1,12 +1,11 @@
import { doubleCsrf } from "csrf-csrf"; import { doubleCsrf } from "csrf-csrf";
import sessionSecret from "../services/session_secret.js"; import sessionSecret from "../services/session_secret.js";
import { isElectron } from "../services/utils.js"; import { isElectron } from "../services/utils.js";
import config from "../services/config.js";
const doubleCsrfUtilities = doubleCsrf({ const doubleCsrfUtilities = doubleCsrf({
getSecret: () => sessionSecret, getSecret: () => sessionSecret,
cookieOptions: { cookieOptions: {
path: config.Session.cookiePath, path: "/",
secure: false, secure: false,
sameSite: "strict", sameSite: "strict",
httpOnly: !isElectron // set to false for Electron, see https://github.com/TriliumNext/Notes/pull/966 httpOnly: !isElectron // set to false for Electron, see https://github.com/TriliumNext/Notes/pull/966

2
src/routes/session_parser.ts
View File

@ -11,7 +11,7 @@ const sessionParser = session({
resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request. resave: false, // true forces the session to be saved back to the session store, even if the session was never modified during the request.
saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified. saveUninitialized: false, // true forces a session that is "uninitialized" to be saved to the store. A session is uninitialized when it is new but not modified.
cookie: { cookie: {
path: config.Session.cookiePath, path: "/",
httpOnly: true, httpOnly: true,
maxAge: config.Session.cookieMaxAge * 1000 // needs value in milliseconds maxAge: config.Session.cookieMaxAge * 1000 // needs value in milliseconds
}, },

4
src/services/config.ts
View File

@ -31,7 +31,6 @@ export interface TriliumConfig {
trustedReverseProxy: boolean | string; trustedReverseProxy: boolean | string;
}; };
Session: { Session: {
cookiePath: string;
cookieMaxAge: number; cookieMaxAge: number;
}; };
Sync: { Sync: {
@ -84,9 +83,6 @@ const config: TriliumConfig = {
}, },
Session: { Session: {
cookiePath:
process.env.TRILIUM_SESSION_COOKIEPATH || iniConfig?.Session?.cookiePath || "/",
cookieMaxAge: cookieMaxAge:
parseInt(String(process.env.TRILIUM_SESSION_COOKIEMAXAGE)) || parseInt(iniConfig?.Session?.cookieMaxAge) || 21 * 24 * 60 * 60 // 21 Days in Seconds parseInt(String(process.env.TRILIUM_SESSION_COOKIEMAXAGE)) || parseInt(iniConfig?.Session?.cookieMaxAge) || 21 * 24 * 60 * 60 // 21 Days in Seconds
}, },