Add sameSite=strict to cookies config and when deleting cookie
iampava committed Dec 10, 2023
1 parent 42b3a1f commit 5914320
Showing 2 changed files with 6 additions and 2 deletions.
1 change: 1 addition & 0 deletions server/ServerUtils.ts
Expand Up @@ -22,6 +22,7 @@ const COOKIE_CONFIG: CookieOptions = {
maxAge: (HOUR_IN_MILLISECONDS * 24) * AUTH_EXPIRATION,
// In production only allow this cookie with HTTPS Only 👇
secure: appConfig.APP.env === 'production' ? true : false,
sameSite: "strict"
};

function setTokenCookie(token: string, res: Response, origin?: string) {
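--- a/server/user/user.router.ts
+++ b/server/user/user.router.ts
@@ -125,8 +125,11 @@ userRouter.post('/login', async function login(
 res.json(UserModel.sanitize(user, SanitizeRole.SELF));
 })
 
-userRouter.post('/logout', (_, res: Response) => {
-res.clearCookie('token');
+userRouter.post('/logout', (req: Request, res: Response) => {
+res.clearCookie('token', {
+sameSite: "strict",
+domain: new URL(req.headers.origin).hostname
+});
 res.status(200).send();
 });
 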
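Review bot: The options passed to `res.clearCookie` in the new logout handler do not match the attributes the cookie was set with, so browsers will likely leave the `token` cookie in place: COOKIE_CONFIG in server/ServerUtils.ts (the other file in this commit) sets no `domain`, which makes the cookie host-only, while this call adds `domain: new URL(req.headers.origin).hostname`, and a browser only treats a Set-Cookie as a deletion when name, domain and path match the stored cookie. The same line throws a TypeError whenever the request carries no Origin header (same-origin navigations and non-browser clients commonly omit it, and `req.headers.origin` is typed `string | undefined`, which `new URL` rejects under strict checking), so logout would answer 500 instead of clearing anything. Unless setTokenCookie adds a domain attribute that is not visible in this commit, the clear should mirror the set exactly, e.g. `res.clearCookie('token', { sameSite: "strict" });` with the `req` parameter dropped again, or better, the cookie options exported from ServerUtils so that setting and clearing share one definition. Deriving the cookie domain from the client-supplied Origin header is in any case not something the server should depend on.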
