Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SameSite cookie option #640

Closed
ShimShamSam opened this Issue Feb 26, 2018 · 4 comments

Comments

Projects
None yet
2 participants
@ShimShamSam
Copy link

ShimShamSam commented Feb 26, 2018

Any chance support could be added for the SameSite cookie attribute?

Info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#SameSite_cookies
CanIUse: https://caniuse.com/#feat=same-site-cookie-attribute

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Feb 27, 2018

This is already supported by Express. Looks like adding res.cookie('sameSite', true) in a middleware should do it (see https://docs.feathersjs.com/api/express.html#custom-service-middleware for more information how to use custom middleware with services).

@ShimShamSam

This comment has been minimized.

Copy link
Author

ShimShamSam commented Feb 27, 2018

It's odd then that this library has built-in support for the Secure and HTTPOnly flags but not SameSite

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Feb 27, 2018

Have you tried just setting "sameSite": true in the cookie configuration?

@daffl

This comment has been minimized.

Copy link
Member

daffl commented Mar 2, 2018

I'm going to close this since it should work by setting "sameSite": true in the authentication cookie options. Please reopen if it does not.

@daffl daffl closed this Mar 2, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.