fix: updated cookies to use SameSite=Lax

atinux · Nov 14, 2023 · 915eef6 · 915eef6
1 parent 29f3106
commit 915eef6
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/runtime/server/utils/security.ts b/src/runtime/server/utils/security.ts
@@ -70,11 +70,11 @@ export const checks = {
       console.log('pkceChallenge', pkceChallenge)
       res['code_challenge'] = pkceChallenge
       res['code_challenge_method'] = 'S256'
-      setCookie(event, 'nuxt-auth-util-verifier', pkceVerifier, { maxAge: 60 * 15, secure: true, httpOnly: true })
+      setCookie(event, 'nuxt-auth-util-verifier', pkceVerifier, { maxAge: 60 * 15, secure: true, httpOnly: true, sameSite: 'lax' })
     }
     if (checks?.includes('state')) {
       res['state'] = generateState()
-      setCookie(event, 'nuxt-auth-util-state', res['state'], { maxAge: 60 * 15, secure: true, httpOnly: true })
+      setCookie(event, 'nuxt-auth-util-state', res['state'], { maxAge: 60 * 15, secure: true, httpOnly: true, sameSite: 'lax' })
     }
     return res
   },