Merge pull request #37 from icapps/bugfix/#33-safari-session-cookies

#33 Safari fix: include credentials header
icapps · Mar 8, 2019 · 470f955 · 470f955
2 parents d4afda9 + 0d48c96
commit 470f955
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/src/lib/express.ts b/src/lib/express.ts
@@ -13,6 +13,8 @@ const redisStore = require('express-brute-redis');
 export function setBasicSecurity(app: Application, route: string, options: SecurityOptions = {}): void {
   app.use(route, helmet(Object.assign({}, defaults.helmetOptions, options.helmet)));
   app.use(route, cors(Object.assign({}, defaults.corsOptions, options.cors)));
+  // SAFARI BUGFIX: include credentials
+  app.use((_req, res, next) => { res.set('credentials', 'include'); next(); });
 }
 
 /**

diff --git a/tests/lib/express.test.ts b/tests/lib/express.test.ts
@@ -23,6 +23,9 @@ describe('Express', () => {
       expect(headers).toHaveProperty('x-download-options');
       expect(headers).toHaveProperty('strict-transport-security');
 
+      // Safari bugfix for sessions
+      expect(headers).toHaveProperty('credentials', 'include');
+
       // cors
       expect(headers).toHaveProperty('access-control-allow-origin');
     });