Add sameSite attribute for auth cookies

Tom Moor
2022-09-24 21:46:25 -04:00
parent 61a8230b47
commit 89a133ea59
2 changed files with 3 additions and 0 deletions


@@ -35,6 +35,7 @@ router.get("/redirect", auth(), async (ctx) => {
ctx.cookies.set("accessToken", jwtToken, {
httpOnly: false,
sameSite: true,
expires: addMonths(new Date(), 3),
});
const [team, collection, view] = await Promise.all([
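Review bot: `sameSite: true` on the `accessToken` cookie leaves the chosen policy implicit; the `cookies` module that Koa uses emits `true` as `SameSite=Strict`, so `sameSite: "strict"` would state the intent directly. Strict also withholds the cookie on top-level navigations that start on another site (a link from email or chat, and possibly the return hop from an identity provider), so if any server-side handling of those first requests depends on `accessToken`, `sameSite: "lax"` may be the better fit; this is worth confirming against the sign-in flow. The same applies to both `ctx.cookies.set` calls in `signIn` in the second file. The route handler continues outside this hunk.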


@@ -74,6 +74,7 @@ export async function signIn(
// only used to display a UI hint for the user for next time
ctx.cookies.set("lastSignedIn", service, {
httpOnly: false,
sameSite: true,
expires: new Date("2100"),
domain,
});
@@ -101,6 +102,7 @@ export async function signIn(
ctx.redirect(`${team.url}/auth/redirect?token=${user.getTransferToken()}`);
} else {
ctx.cookies.set("accessToken", user.getJwtToken(), {
sameSite: true,
httpOnly: false,
expires,
});
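Review bot: The `accessToken` cookie in `signIn` (and in the `/redirect` handler in the first file) is still set with `httpOnly: false`, so the added SameSite attribute limits cross-site sending but page script can still read the JWT. If the client has to read the token, a comment like the one on `lastSignedIn` would record that, for example `// httpOnly is off because the client reads this token; SameSite only covers cross-site requests`; otherwise `httpOnly: true` would be the tighter setting. `signIn` begins and ends outside these hunks.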