From 35120d232a754e011d53d5de2d1b2e72608b9bbc Mon Sep 17 00:00:00 2001
From: Tobbe Lundberg
Date: Thu, 9 Jan 2025 13:12:20 +0700
Subject: [PATCH] feat(dbAuth): Lax SameSite cookie policy
---
 .../fragment-test-project/api/src/functions/auth.ts | 2 +-
 .../test-project-rsc-kitchen-sink/api/src/functions/auth.ts | 2 +-
 __fixtures__/test-project/api/src/functions/auth.ts | 2 +-
 docs/docs/auth/dbauth.md | 6 +++---
 docs/docs/cors.md | 2 +-
 .../dbAuth/api/src/__tests__/DbAuthHandler.fetch.test.js | 2 +-
 .../dbAuth/api/src/__tests__/DbAuthHandler.test.js | 2 +-
 .../setup/src/templates/api/functions/auth.ts.template | 2 +-
 .../src/templates/api/functions/auth.webAuthn.ts.template | 2 +-
 .../dbAuthSetup/templates/api/functions/auth.ts.template | 2 +-
 .../templates/api/functions/auth.webAuthn.ts.template | 2 +-
 .../rsc-kitchen-sink/tests/rsc-kitchen-sink.spec.ts | 2 +-
 12 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/__fixtures__/fragment-test-project/api/src/functions/auth.ts b/__fixtures__/fragment-test-project/api/src/functions/auth.ts
index d71b437e9802..fd5a3a279e54 100644
--- a/__fixtures__/fragment-test-project/api/src/functions/auth.ts
+++ b/__fixtures__/fragment-test-project/api/src/functions/auth.ts
@@ -182,7 +182,7 @@ export const handler = async (
 attributes: {
 HttpOnly: true,
 Path: '/',
- SameSite: 'Strict',
+ SameSite: 'Lax',
 Secure: process.env.NODE_ENV !== 'development',
 // If you need to allow other domains (besides the api side) access to
diff --git a/__fixtures__/test-project-rsc-kitchen-sink/api/src/functions/auth.ts b/__fixtures__/test-project-rsc-kitchen-sink/api/src/functions/auth.ts
index 667c57a51337..406d1f723bb2 100644
--- a/__fixtures__/test-project-rsc-kitchen-sink/api/src/functions/auth.ts
+++ b/__fixtures__/test-project-rsc-kitchen-sink/api/src/functions/auth.ts
@@ -187,7 +187,7 @@ export const handler = async (
 attributes: {
 HttpOnly: true,
 Path: '/',
- SameSite: 'Strict',
+ SameSite: 'Lax',
 Secure: process.env.NODE_ENV !== 'development',
 // If you need to allow other domains (besides the api side) access to
diff --git a/__fixtures__/test-project/api/src/functions/auth.ts b/__fixtures__/test-project/api/src/functions/auth.ts
index d71b437e9802..fd5a3a279e54 100644
--- a/__fixtures__/test-project/api/src/functions/auth.ts
+++ b/__fixtures__/test-project/api/src/functions/auth.ts
@@ -182,7 +182,7 @@ export const handler = async (
 attributes: {
 HttpOnly: true,
 Path: '/',
- SameSite: 'Strict',
+ SameSite: 'Lax',
 Secure: process.env.NODE_ENV !== 'development',
 // If you need to allow other domains (besides the api side) access to
diff --git a/docs/docs/auth/dbauth.md b/docs/docs/auth/dbauth.md
index 357c19da8c3d..94d2c4307d13 100644
--- a/docs/docs/auth/dbauth.md
+++ b/docs/docs/auth/dbauth.md
@@ -319,7 +319,7 @@ cookie: {
 attributes: {
 HttpOnly: true,
 Path: '/',
- SameSite: 'Strict',
+ SameSite: 'Lax',
 Secure: true,
 // Domain: 'example.com',
 },
@@ -360,7 +360,7 @@ cookie: {
 attributes: {
 HttpOnly: true,
 Path: '/',
- SameSite: 'Strict',
+ SameSite: 'Lax',
 Secure: process.env.NODE_ENV !== 'development' ? true : false,
 // highlight-next-line
 Domain: 'example.com'
@@ -564,7 +564,7 @@ export const handler = async (event, context) => {
 attributes: {
 HttpOnly: true,
 Path: '/',
- SameSite: 'Strict',
+ SameSite: 'Lax',
 Secure: process.env.NODE_ENV !== 'development' ? true : false,
 },
 },
diff --git a/docs/docs/cors.md b/docs/docs/cors.md
index 3781aeb19fe2..d3949c57203d 100644
--- a/docs/docs/cors.md
+++ b/docs/docs/cors.md
@@ -109,7 +109,7 @@ const authHandler = new DbAuthHandler(event, context, {
 cookie: {
 HttpOnly: true,
 Path: '/',
- SameSite: 'Strict',
+ SameSite: 'Lax',
 Secure: true,
 },
 forgotPassword: forgotPasswordOptions,
diff --git a/packages/auth-providers/dbAuth/api/src/__tests__/DbAuthHandler.fetch.test.js b/packages/auth-providers/dbAuth/api/src/__tests__/DbAuthHandler.fetch.test.js
index 17f17ffda554..e7b0fbd6adaf 100644
--- a/packages/auth-providers/dbAuth/api/src/__tests__/DbAuthHandler.fetch.test.js
+++ b/packages/auth-providers/dbAuth/api/src/__tests__/DbAuthHandler.fetch.test.js
@@ -2568,7 +2568,7 @@ describe('dbAuth', () => {
 attributes: {
 Path: '/',
 HttpOnly: true,
- SameSite: 'Strict',
+ SameSite: 'Lax',
 Secure: true,
 Domain: 'example.com',
 },
diff --git a/packages/auth-providers/dbAuth/api/src/__tests__/DbAuthHandler.test.js b/packages/auth-providers/dbAuth/api/src/__tests__/DbAuthHandler.test.js
index 7bd2d2c52b94..5319c96215fa 100644
--- a/packages/auth-providers/dbAuth/api/src/__tests__/DbAuthHandler.test.js
+++ b/packages/auth-providers/dbAuth/api/src/__tests__/DbAuthHandler.test.js
@@ -2367,7 +2367,7 @@ describe('dbAuth', () => {
 attributes: {
 Path: '/',
 HttpOnly: true,
- SameSite: 'Strict',
+ SameSite: 'Lax',
 Secure: true,
 Domain: 'example.com',
 },
diff --git a/packages/auth-providers/dbAuth/setup/src/templates/api/functions/auth.ts.template b/packages/auth-providers/dbAuth/setup/src/templates/api/functions/auth.ts.template
index 667c57a51337..406d1f723bb2 100644
--- a/packages/auth-providers/dbAuth/setup/src/templates/api/functions/auth.ts.template
+++ b/packages/auth-providers/dbAuth/setup/src/templates/api/functions/auth.ts.template
@@ -187,7 +187,7 @@ export const handler = async (
 attributes: {
 HttpOnly: true,
 Path: '/',
- SameSite: 'Strict',
+ SameSite: 'Lax',
 Secure: process.env.NODE_ENV !== 'development',
 // If you need to allow other domains (besides the api side) access to
diff --git a/packages/auth-providers/dbAuth/setup/src/templates/api/functions/auth.webAuthn.ts.template b/packages/auth-providers/dbAuth/setup/src/templates/api/functions/auth.webAuthn.ts.template
index dd83f56d188a..f97fe3fd77d1 100644
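Review bot: `SameSite: 'Lax'` lands in the setup template without a comment on what it relaxes, while the comment block right below it only covers `Domain`; since this file becomes the user's own `api/src/functions/auth.ts`, the trade-off should sit next to the line. Lax still withholds the session cookie from cross-site POSTs, fetches and embedded requests, but unlike the previous Strict it attaches the cookie to top-level cross-site GET navigations, so CSRF resistance now also relies on no authenticated GET route performing a state change. Suggest `// Lax: sent on top-level cross-site navigations (e.g. a link into the app) but not on cross-site POSTs/fetches; keep state-changing endpoints non-GET, or use 'Strict' if you don't need links to arrive logged in.` The same applies to the auth.webAuthn.ts.template hunk and the two cli-helpers fixture copies of these templates. The enclosing handler starts and ends outside the hunk.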
--- a/packages/auth-providers/dbAuth/setup/src/templates/api/functions/auth.webAuthn.ts.template
+++ b/packages/auth-providers/dbAuth/setup/src/templates/api/functions/auth.webAuthn.ts.template
@@ -177,7 +177,7 @@ export const handler = async (
 attributes: {
 HttpOnly: true,
 Path: '/',
- SameSite: 'Strict',
+ SameSite: 'Lax',
 Secure: process.env.NODE_ENV !== 'development' ? true : false,
 // If you need to allow other domains (besides the api side) access to
diff --git a/packages/cli-helpers/src/auth/__tests__/fixtures/dbAuthSetup/templates/api/functions/auth.ts.template b/packages/cli-helpers/src/auth/__tests__/fixtures/dbAuthSetup/templates/api/functions/auth.ts.template
index 8fd16f7f5f34..320f16357c83 100644
--- a/packages/cli-helpers/src/auth/__tests__/fixtures/dbAuthSetup/templates/api/functions/auth.ts.template
+++ b/packages/cli-helpers/src/auth/__tests__/fixtures/dbAuthSetup/templates/api/functions/auth.ts.template
@@ -172,7 +172,7 @@ export const handler = async (
 attributes: {
 HttpOnly: true,
 Path: '/',
- SameSite: 'Strict',
+ SameSite: 'Lax',
 Secure: process.env.NODE_ENV !== 'development' ? true : false,
 // If you need to allow other domains (besides the api side) access to
diff --git a/packages/cli-helpers/src/auth/__tests__/fixtures/dbAuthSetup/templates/api/functions/auth.webAuthn.ts.template b/packages/cli-helpers/src/auth/__tests__/fixtures/dbAuthSetup/templates/api/functions/auth.webAuthn.ts.template
index aff737384bed..00b9ca81e43e 100644
--- a/packages/cli-helpers/src/auth/__tests__/fixtures/dbAuthSetup/templates/api/functions/auth.webAuthn.ts.template
+++ b/packages/cli-helpers/src/auth/__tests__/fixtures/dbAuthSetup/templates/api/functions/auth.webAuthn.ts.template
@@ -177,7 +177,7 @@ export const handler = async (
 attributes: {
 HttpOnly: true,
 Path: '/',
- SameSite: 'Strict',
+ SameSite: 'Lax',
 Secure: process.env.NODE_ENV !== 'development' ? true : false,
 // If you need to allow other domains (besides the api side) access to
diff --git a/tasks/smoke-tests/rsc-kitchen-sink/tests/rsc-kitchen-sink.spec.ts b/tasks/smoke-tests/rsc-kitchen-sink/tests/rsc-kitchen-sink.spec.ts
index 6098a36f304a..ecfdf2065cb8 100644
--- a/tasks/smoke-tests/rsc-kitchen-sink/tests/rsc-kitchen-sink.spec.ts
+++ b/tasks/smoke-tests/rsc-kitchen-sink/tests/rsc-kitchen-sink.spec.ts
@@ -268,7 +268,7 @@ test('Retrieving request details in a', async ({ page }) => {
 expires: Math.floor(Date.now() / 1000) + 300, // 5 minutes from now in seconds
 secure: true,
 httpOnly: true,
- sameSite: 'Strict',
+ sameSite: 'Lax',
 },
 ])