Potential fix for code scanning alert no. 4: Clear text transmission of sensitive cookie

backend/app.js

@@ -12,6 +12,7 @@ var indexRouter = require('./routes/index');
 var authRouter = require('./routes/auth');
 
 var app = express();
+app.set('trust proxy', 1);
 
 app.locals.pluralize = require('pluralize');
 
@@ -29,7 +30,11 @@ app.use(session({
   secret: 'keyboard cat',
   resave: false,
   saveUninitialized: false,
-  store: new SQLiteStore({ db: 'sessions.db', dir: './var/db' })
+  store: new SQLiteStore({ db: 'sessions.db', dir: './var/db' }),
+  cookie: {
+    secure: true,
+    httpOnly: true
+  }
 }));
 app.use('/', indexRouter);
 app.use('/', authRouter);
@@ -64,15 +69,23 @@ app.use(session({
   secret: 'keyboard cat',
   resave: false,
   saveUninitialized: false,
-  store: new SQLiteStore({ db: 'sessions.db', dir: './var/db' })
+  store: new SQLiteStore({ db: 'sessions.db', dir: './var/db' }),
+  cookie: {
+    secure: true,
+    httpOnly: true
+  }
 }));
 app.use('/', indexRouter);
 app.use('/', authRouter);
 app.use(session({
   secret: 'keyboard cat',
   resave: false,
   saveUninitialized: false,
-  store: new SQLiteStore({ db: 'sessions.db', dir: './var/db' })
+  store: new SQLiteStore({ db: 'sessions.db', dir: './var/db' }),
+  cookie: {
+    secure: true,
+    httpOnly: true
+  }
 }));
 app.use(passport.authenticate('session'));
 // catch 404 and forward to error handler
@@ -96,7 +109,11 @@ app.use(session({
   secret: 'keyboard cat',
   resave: false,
   saveUninitialized: false,
-  store: new SQLiteStore({ db: 'sessions.db', dir: './var/db' })
+  store: new SQLiteStore({ db: 'sessions.db', dir: './var/db' }),
+  cookie: {
+    secure: true,
+    httpOnly: true
+  }
 }));
 app.use(passport.authenticate('session'));
 // catch 404 and forward to error handler