set `sameSite` to `lax` when allowing insecure cookies (#1078)
Browse files
src/lib/server/auth.ts
CHANGED
|
@@ -55,7 +55,7 @@ export function refreshSessionCookie(cookies: Cookies, sessionId: string) {
|
|
| 55 |
cookies.set(COOKIE_NAME, sessionId, {
|
| 56 |
path: "/",
|
| 57 |
// So that it works inside the space's iframe
|
| 58 |
-
sameSite: dev ? "lax" : "none",
|
| 59 |
secure: !dev && !(ALLOW_INSECURE_COOKIES === "true"),
|
| 60 |
httpOnly: true,
|
| 61 |
expires: addWeeks(new Date(), 2),
|
|
|
|
| 55 |
cookies.set(COOKIE_NAME, sessionId, {
|
| 56 |
path: "/",
|
| 57 |
// So that it works inside the space's iframe
|
| 58 |
+
sameSite: dev || ALLOW_INSECURE_COOKIES === "true" ? "lax" : "none",
|
| 59 |
secure: !dev && !(ALLOW_INSECURE_COOKIES === "true"),
|
| 60 |
httpOnly: true,
|
| 61 |
expires: addWeeks(new Date(), 2),
|
src/routes/logout/+page.server.ts
CHANGED
|
@@ -11,7 +11,7 @@ export const actions = {
|
|
| 11 |
cookies.delete(COOKIE_NAME, {
|
| 12 |
path: "/",
|
| 13 |
// So that it works inside the space's iframe
|
| 14 |
-
sameSite: dev ? "lax" : "none",
|
| 15 |
secure: !dev && !(ALLOW_INSECURE_COOKIES === "true"),
|
| 16 |
httpOnly: true,
|
| 17 |
});
|
|
|
|
| 11 |
cookies.delete(COOKIE_NAME, {
|
| 12 |
path: "/",
|
| 13 |
// So that it works inside the space's iframe
|
| 14 |
+
sameSite: dev || ALLOW_INSECURE_COOKIES === "true" ? "lax" : "none",
|
| 15 |
secure: !dev && !(ALLOW_INSECURE_COOKIES === "true"),
|
| 16 |
httpOnly: true,
|
| 17 |
});
|