From 5a84085959eb96cf67f24d927bebf1f5850a0209 Mon Sep 17 00:00:00 2001
From: Sebastian Rindom <skrindom@gmail.com>
Date: Fri, 21 Aug 2020 23:01:08 +0200
Subject: [PATCH] Secure proxies

---
 packages/medusa/src/loaders/express.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/packages/medusa/src/loaders/express.js b/packages/medusa/src/loaders/express.js
index eca1b1038b..488942a2b0 100644
--- a/packages/medusa/src/loaders/express.js
+++ b/packages/medusa/src/loaders/express.js
@@ -19,8 +19,10 @@ export default async ({ app }) => {
       secret: config.cookieSecret,
       duration: 24 * 60 * 60 * 1000,
       activeDuration: 1000 * 60 * 5,
+      proxy: true,
       cookie: {
         httpOnly: true,
+        secureProxy: true,
         secure: process.env.NODE_ENV === "production",
       },
     })