From 809fb746e3c0f4651c17d304d581d47fc4787665 Mon Sep 17 00:00:00 2001
From: Claudemir Todo Bom
Date: Tue, 18 Jun 2024 08:31:28 -0300
Subject: [PATCH] Correctly set the JRT cookie samesSite parameter - fix #67
---
 backend/src/helpers/SendRefreshToken.ts | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/backend/src/helpers/SendRefreshToken.ts b/backend/src/helpers/SendRefreshToken.ts
index 4e4459a4..abb50e9d 100644
--- a/backend/src/helpers/SendRefreshToken.ts
+++ b/backend/src/helpers/SendRefreshToken.ts
@@ -1,5 +1,12 @@
-import { Response } from "express";
+import { CookieOptions, Response } from "express";
 
 export const SendRefreshToken = (res: Response, token: string): void => {
- res.cookie("jrt", token, { httpOnly: true });
+ const cookieOptions: CookieOptions = { httpOnly: true };
+
+ if (process.env.BACKEND_URL.startsWith("https:") ) {
+ cookieOptions.sameSite = "none";
+ cookieOptions.secure = true;
+ }
+
+ res.cookie("jrt", token, cookieOptions);
 };
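Review bot: `process.env.BACKEND_URL` is dereferenced without a guard in the new `if`, so when the variable is unset `startsWith` throws a TypeError and every response that should set the `jrt` cookie fails; `if (process.env.BACKEND_URL?.startsWith("https:")) {` would fall back to the plain `httpOnly` cookie instead. Separately, `sameSite = "none"` makes the browser attach the refresh token to every cross-site request to the backend, so the route that consumes `jrt` needs its own cross-site request defence (for example a strict credentialed-CORS origin allow-list plus an `Origin` check), which is not visible in this hunk. A comment above the assignment such as `// SameSite=None because the frontend is served from a different site; the refresh route must validate Origin` would record that assumption. If the frontend and backend actually share a registrable domain, `"lax"` or `"strict"` would be the narrower setting.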