Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
setCookie express middleware only works inside hooks #438
Apparently, the middleware checks if it's being called by a hook though I think that it should be possible to pass it to app.get() too.
This block is never run because res.hook is undefined and no cookie is set.
Can you help clarify what the goal is in this issue? We want cookies to be ignored by the API server. It can set cookies, because that helps with SSR, but we don't want a cookie to get consumed directly by any Feathers service. That opens up the service to CSRF attacks.