fix(cookie): set cookie with "SameSite=strict"

thematters · Sep 22, 2020 · 7a949b0 · 7a949b0
1 parent f1e01e5
commit 7a949b0
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/src/common/enums.ts b/src/common/enums.ts
@@ -544,7 +544,7 @@ export const CORS_OPTIONS: CorsOptions = {
       return callback(null, false)
     }
 
-    const isLocalDev = /(localhost|127\.0\.0\.1)$/.test(origin)
+    const isLocalDev = /(localhost|127\.0\.0\.1):\d+$/.test(origin)
     const isMatters = /\/\/(.*\.)?matters\.news$/.test(origin)
     const isApolloStudio = /\/\/(.*\.)?apollographql\.com$/.test(origin)
     const isAllowed = isLocalDev || isMatters || isApolloStudio

diff --git a/src/common/utils/cookie.ts b/src/common/utils/cookie.ts
@@ -1,4 +1,4 @@
-import { Request, Response } from 'express'
+import { CookieOptions, Request, Response } from 'express'
 
 import {
   COOKIE_TOKEN_NAME,
@@ -12,7 +12,8 @@ const getCookieOption = (req: Request) => {
     httpOnly: true,
     secure: req.protocol === 'https',
     domain: req.hostname,
-  }
+    sameSite: 'strict',
+  } as CookieOptions
 }
 
 export const setCookie = ({