stemedb/applications/aphoria/uat/fixtures/express/server.js

const express = require('express');
const cors = require('cors');
const session = require('express-session');

const app = express();

// BAD: CORS with wildcard origin and credentials
app.use(cors({
    origin: '*',
    credentials: true
}));

app.use(session({
    secret: 'keyboard cat',
    resave: false,
    cookie: {
        secure: false,
        httpOnly: false
    }
}));

app.listen(3000);