Insecure Http cookies don't work on Chrome

[joshmedeski]

Describe the bug

1. If COOKIE_SECURE="true" on localhost development, I can not test on Safari
2. If COOKIE_SECURE="false" on localhost development, I can not test on Chrome

To Reproduce
Steps to reproduce the behavior:

1. Log in to the application
2. Reload the browser to trigger refresh logic
3. User won't be logged back in (http cookie doesn't exist)

Expected behavior
I expect to be able to test functionality across multiple browsers on local development.

Screenshots

Desktop (please complete the following information):

• OS: macOS
• Browser Chrome
• Version 94.0.4606.61

Comments
I'm guessing there's some security setting on one of the browsers that needs to be changed so I can test http-only cookies across multiple browsers.

[elitan]

This is most likely due to browsers blocking third party cookies. You can confirm that it's the case if you enable third-party cookies: https://support.cloudhq.net/how-to-enable-3rd-party-cookies-in-google-chrome-browser/

I'd recommend saving the refresh token in localStorage instead. Use cookie: false when register and logging in to receive the refresh token as part of the body.

https://github.com/nhost/nhost-js-sdk/blob/9d3d34c29e4c078abb591fcdc96eee4728c2e5f6/src/Auth.ts#L161-L171

https://github.com/nhost/nhost-js-sdk/blob/9d3d34c29e4c078abb591fcdc96eee4728c2e5f6/src/Auth.ts#L570-L574