Harden local/prod cookie policy and Mongo connection settings

config/cookiesOptions.js

@@ -1,8 +1,12 @@
+const isProduction = process.env.NODE_ENV === "production";
+const forceSecureCookie = process.env.COOKIE_SECURE === "true";
+const secure = forceSecureCookie || isProduction;
+
 const cookiesOptions = {
-    maxAge: 1000 * 60 * 60 * 24 * 90, // would expire after 30 days
+    maxAge: 1000 * 60 * 60 * 24 * 90, // would expire after 90 days
     httpOnly: true, // The cookie only accessible by the web server
-    sameSite: 'none', // This and secure are required for properly 
-    secure: true,     // manage cockies in cros-domain
+    sameSite: secure ? 'none' : 'lax',
+    secure,
 };
 
-module.exports = { cookiesOptions };
+module.exports = { cookiesOptions };

config/corsOptions.js

@@ -1,6 +1,10 @@
 var corsOptions = {
     origin: [
         'http://localhost:8080', 
+        'http://localhost:8081',
+        'http://127.0.0.1:3000',
+        'http://127.0.0.1:8080',
+        'http://127.0.0.1:8081',
         'http://localhost:3000', 
         "https://social.emmint.com",  
         "https://fellowship.emmint.com",
@@ -9,4 +13,4 @@ var corsOptions = {
     credentials: true
 };
 
-module.exports = { corsOptions };
+module.exports = { corsOptions };