'How can I prevent third-party cookies from being set on my site?
I just noticed that some third-party tracking cookies have been set on my website without notifying me.
<img src="https://i.pravatar.cc/64" />
Rendering this creates 2 google analytics cookies on my site. https://pravatar.cc/ They have no notices about setting cookies or tracking sites when using their API.
This is my server setup:
declare module 'express-session' {
export interface SessionData {
user: {
id: string;
organisation: string;
};
}
}
const startApolloServer = async () => {
const RedisStore = connectRedis(session);
const redisClient = createClient({ legacyMode: true });
redisClient.connect().catch(console.error);
const app = express();
//Redis
app.use(
session({
name: 'uId',
store: new RedisStore({ client: redisClient, disableTouch: true }),
saveUninitialized: false,
secret: 'mysecret',
resave: false,
cookie: {
maxAge: 1000 * 60 * 60 * 24, //One day
secure: false, //dev only
httpOnly: false, //dev only
sameSite: 'lax',
},
}),
);
const server = new ApolloServer({
schema,
context: ({ req, res }: { req: Request; res: Response }) => ({
req,
res,
}),
});
await server.start();
server.applyMiddleware({
app,
cors: {
credentials: true,
origin: ['http://localhost:3000', 'http://localhost:4000'],
},
bodyParserConfig: true,
});
await new Promise((resolve) =>
app.listen({ port: 4000 }, resolve as () => void),
);
console.log(`🚀 Server ready at http://localhost:4000${server.graphqlPath}`);
return { server, app };
};
startApolloServer();
How can I allow cookies to be set only from my http api (Later my https api)?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|