Correctly set the JRT cookie samesSite parameter - fix #67

ticketz-oss · Jun 18, 2024 · 809fb74 · 809fb74
1 parent ae309f7
commit 809fb74
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/backend/src/helpers/SendRefreshToken.ts b/backend/src/helpers/SendRefreshToken.ts
@@ -1,5 +1,12 @@
-import { Response } from "express";
+import { CookieOptions, Response } from "express";
 
 export const SendRefreshToken = (res: Response, token: string): void => {
-  res.cookie("jrt", token, { httpOnly: true });
+  const cookieOptions: CookieOptions = { httpOnly: true }; 
+
+  if (process.env.BACKEND_URL.startsWith("https:") ) {
+    cookieOptions.sameSite = "none";
+    cookieOptions.secure = true;
+  }
+
+  res.cookie("jrt", token, cookieOptions);
 };