Hard to set cookie secure = true by default

[fengmk2]

According https://github.com/expressjs/cookies/blob/master/lib/cookies.js#L54

, secure = req.connection.encrypted

cookies module detect secure by req.connection.encrypted.
And mostly koa app will running behind a reverse proxy(nginx) and detect https from "X-Forwarded-Proto" header.

Now I must set every cookie with secure = true options.

this.cookies.set('c1', v1, {secure: true});
// ...
this.cookies.set('c2', v2, {secure: true});

Is there a easy way to make secure cookie by default?

this.cookies.set('c1', v1);
// ...
this.cookies.set('c2', v2);

[jonathanong]

waiting on #281 and cookies v2

cc @dougwilson

[dougwilson]

I'm on it :) Though I think the question could be solved by changing the referenced line 54 to

secure = req.protocol === 'https' || req.connection.encrypted

for the time being. It would also mean that people wouldn't need to copy their proxy settings over to Cookies, either.

[dougwilson]

@fengmk2 try the cookies module version 0.5.0 to see if it works for you.

[dead-horse]

don't run the code, but seems like req in cookies is the original http request in node, but the protocol getter is in koa's request object.

[fengmk2]

@jonathanong We should pass request and response to Cookies instead of req and res https://github.com/koajs/koa/blob/master/lib/application.js#L145

[fengmk2]

@jonathanong but not sure this can work for Cookies module... Because req and res on http module are real different from request and response on koa.

[jonathanong]

yeah. ideally anything we need is configurable. make suggestions in the cookies repo :)

[dead-horse]

should we keep this issue open before cookies refactor?

[fengmk2]

I found out hard to detect https or http inside my app environment, it deps nginx config, and nginx config out of our controller.
So I change the solution, to define ctx.setCookie(name, value, opts) instead using ctx.cookies.set.
Then secure or not is deps on app's config.