Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: make security connection optional by default #1354

Merged
merged 1 commit into from
Sep 5, 2022
Merged

feat: make security connection optional by default #1354

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 2 additions & 0 deletions .github/workflows/deploy-vue-storefront-cloud.yml
View file
Open in desktop
Expand Up @@ -119,6 +119,8 @@ jobs:
VSF_RECAPTCHA_SITE_KEY: 6Ldce0EeAAAAAAGGtGWG-e-SygXiFub6PXHT5fKd
VSF_RECAPTCHA_SECRET_KEY: ${{ secrets.RECAPTCHA_SECRET_KEY }}

VSF_COOKIE_SECURE: true

VSF_SENTRY_DSN: ${{ secrets.SENTRY_DSN }}

LAST_COMMIT: ${{ github.sha }}
Expand Down
31 changes: 27 additions & 4 deletions docs/installation-setup/configure-integration.md
View file
Open in desktop
Expand Up @@ -77,6 +77,14 @@ After installation, the first step is configuring the integration using the envi
VSF_RECAPTCHA_VERSION=3
```

#### Cookies configuration
```
VSF_COOKIE_HTTP_ONLY=
VSF_COOKIE_SECURE=
VSF_COOKIE_SAME_SITE=
VSF_COOKIE_PATH=
```

#### Other
```
NODE_TLS_REJECT_UNAUTHORIZED=0 # toggle TLS verification (eg. for a local development)
Expand Down Expand Up @@ -132,7 +140,7 @@ When working with translation in your application, you need to:

### 4. Configure default cookies settings

Vue Storefront app uses different cookies but all share the same default config. To adjust the configuration you have to modify `middleware.config.js`.
Vue Storefront app uses different cookies but all share the same default config. To adjust the configuration you have to add `env` variable, which is the recommended way, or modify `middleware.config.js`.
Once done, rebuild your application.

```js
Expand All @@ -143,8 +151,8 @@ module.exports = {
/*...*/
// Here you can override default cookies options
cookiesDefaultOpts: {
httpOnly: false,
secure: true, // Make sure that you have ssl configured, otherwise disable this flag
httpOnly: VSF_COOKIE_HTTP_ONLY || false,
secure: VSF_COOKIE_SECURE || true, // Make sure that you have ssl configured, otherwise disable this flag
},
/*...*/
},
Expand All @@ -158,13 +166,28 @@ module.exports = {
### Install `mkcert`
Please, follow the steps in the [official instruction](https://github.com/FiloSottile/mkcert). Different OS might require different steps to accomplish the task.

### Generate certificate for a local development
#### Update nuxt.config.js
In the `nuxt.config.js` add the certificate configuration

```
baseConfig.server = {
...baseConfig.server,
https: {
key: fs.readFileSync(path.resolve(__dirname, 'localhost-key.pem')),
cert: fs.readFileSync(path.resolve(__dirname, 'localhost.pem')),
},
};
```


#### Generate certificate for a local development
If you set up your project from CLI run the command in the APP root directory.
If you are a contributor and have cloned Vue Storefront repository, run the command in `packages/theme`.
```
mkcert localhost
```


### Start project
```bash
yarn dev
Expand Down
7 changes: 6 additions & 1 deletion packages/theme/.env.example
View file
Open in desktop
@@ -1,6 +1,6 @@
VSF_NUXT_APP_ENV=development
VSF_NUXT_APP_PORT=3000
VSF_NUXT_APP_HOST=0.0.0.0
VSF_NUXT_APP_HOST=localhost

VSF_STORE_URL=https://localhost:3000
VSF_MIDDLEWARE_URL=https://localhost:3000/api/
Expand Down Expand Up @@ -31,4 +31,9 @@ VSF_RECAPTCHA_SIZE=invisible
VSF_RECAPTCHA_MIN_SCORE=0.5
VSF_RECAPTCHA_VERSION=3

VSF_COOKIE_HTTP_ONLY=
VSF_COOKIE_SECURE=
VSF_COOKIE_SAME_SITE=
VSF_COOKIE_PATH=

NODE_TLS_REJECT_UNAUTHORIZED=0
8 changes: 4 additions & 4 deletions packages/theme/middleware.config.js
View file
Open in desktop
Expand Up @@ -29,10 +29,10 @@ module.exports = {
...cookieNames,
},
cookiesDefaultOpts: {
httpOnly: false,
secure: true,
sameSite: 'Strict',
path: '/',
httpOnly: process.env.VSF_COOKIE_HTTP_ONLY || false,
secure: process.env.VSF_COOKIE_SECURE || false,
sameSite: process.env.VSF_COOKIE_SAME_SITE || 'Strict',
path: process.env.VSF_COOKIE_PATH || '/',
},
defaultStore: 'default',
externalCheckout: {
Expand Down
12 changes: 0 additions & 12 deletions packages/theme/nuxt.config.js
View file
Open in desktop
Expand Up @@ -2,8 +2,6 @@
/* eslint-disable unicorn/prefer-module */
// @core-development-only-end
import webpack from 'webpack';
import fs from 'fs';
import path from 'path';
import middleware from './middleware.config';
import { getRoutes } from './routes';

Expand Down Expand Up @@ -296,15 +294,5 @@ export default () => {
};
}

if (process.env.NODE_ENV === 'development' || process.env.VSF_NUXT_APP_ENV === 'development') {
baseConfig.server = {
...baseConfig.server,
https: {
key: fs.readFileSync(path.resolve(__dirname, 'localhost-key.pem')),
cert: fs.readFileSync(path.resolve(__dirname, 'localhost.pem')),
},
};
}

return baseConfig;
};