Use HTTPS
QPlan should exclusively use HTTPS with an SSL certificate. The server should be set to auto-forward requests from HTTP to HTTPS, and the back end configured using express-force-https. This also means an SSL certificate is needed and must be installed on the server.
- Acquire SSL certificate
- Install SSL certificate
- Configure server to forward HTTP -> HTTPS
- Configure express-force-https
- Set `cookie.secure` to be true for express session
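
The redirect and cookie steps above, sketched as a dependency-free Express-style middleware. This is an added example, not QPlan's code and not the implementation of express-force-https; the host `qplan.example`, the names `forceHttps` and `isSecure`, and the `trustProxy` option are hypothetical. It goes slightly beyond the checklist by also sending an HSTS header on secure responses.

```javascript
// Added example: Express-style middleware (req, res, next), no dependencies.
// CANONICAL_HOST is a constructed placeholder, not QPlan's real hostname.
const CANONICAL_HOST = 'qplan.example';

function isSecure(req, trustProxy) {
  // Direct TLS connection to the Node process.
  if (req.socket && req.socket.encrypted) return true;
  // TLS terminated at a proxy or load balancer: only believe the header
  // when the deployment really has a trusted proxy in front of the app.
  if (!trustProxy) return false;
  const proto = String(req.headers['x-forwarded-proto'] || '');
  return proto.split(',')[0].trim().toLowerCase() === 'https';
}

function forceHttps({ host = CANONICAL_HOST, trustProxy = false } = {}) {
  return function (req, res, next) {
    if (isSecure(req, trustProxy)) {
      // HSTS tells browsers to skip plain HTTP on later visits.
      res.setHeader('Strict-Transport-Security', 'max-age=31536000');
      return next();
    }
    // Redirect to the configured host, never to the client-supplied
    // Host header, so the redirect cannot be pointed at another site.
    // 308 preserves the method and body of non-GET requests.
    const idempotent = req.method === 'GET' || req.method === 'HEAD';
    res.statusCode = idempotent ? 301 : 308;
    res.setHeader('Location', 'https://' + host + req.url);
    res.end();
  };
}

// Cookie options for express-session, matching the last checklist item.
// Behind a TLS-terminating proxy, Express also needs
// app.set('trust proxy', 1), otherwise express-session will not send
// a cookie marked secure.
const sessionCookie = { secure: true, httpOnly: true, sameSite: 'lax' };

// Wiring in an Express app (assumed variable name `app`):
//   app.use(forceHttps({ trustProxy: true }));
//   app.use(session({ secret: process.env.SESSION_SECRET, cookie: sessionCookie }));
```

Register the redirect middleware before the session middleware so that no session cookie is ever issued on a plain HTTP response.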