Merge pull request #286 from cfabianski/patch-1

lirantal · web-flow · commit b2aed3819e59 · 2023-03-18T13:37:32.000+01:00
doc: annotate server.js with extra info regarding session and static …
diff --git a/server.js b/server.js
@@ -116,6 +116,8 @@ MongoClient.connect(db, (err, db) => {
     app.engine(".html", consolidate.swig);
     app.set("view engine", "html");
     app.set("views", `${__dirname}/app/views`);
+    // Fix for A5 - Security MisConfig
+    // TODO: make sure assets are declared before app.use(session())
     app.use(express.static(`${__dirname}/app/assets`));
 
 
