chore: Use httpOnly authentication cookie (#5552)

2023-07-15 16:56:32 -04:00
parent b1230d0c81
commit 39e12cef65
16 changed files with 114 additions and 120 deletions
--- a/server/utils/passport.ts
+++ b/server/utils/passport.ts
@@ -27,7 +27,6 @@ export class StateStore {
    const state = buildState(host, token, client);

    ctx.cookies.set(this.key, state, {
-      httpOnly: false,
      expires: addMinutes(new Date(), 10),
      domain: getCookieDomain(ctx.hostname),
    });
@@ -54,7 +53,6 @@ export class StateStore {

    // Destroy the one-time pad token and ensure it matches
    ctx.cookies.set(this.key, "", {
-      httpOnly: false,
      expires: subMinutes(new Date(), 1),
      domain: getCookieDomain(ctx.hostname),
    });