fix: Set secure cookie options accordingly to stop Safari from discar…

…ding cookies in localhost (#11)
actcoding · Oct 13, 2024 · 5e65c62 · 5e65c62
1 parent 2509e49
commit 5e65c62
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/frontend/src/lib/actions/auth.ts b/frontend/src/lib/actions/auth.ts
@@ -1,7 +1,8 @@
 'use server'
 
+import { isProduction } from '@/lib/utils'
 import { ApiResponse, AppSession, AppSessionData } from '@/types'
-import { IronSession, getIronSession } from 'iron-session'
+import { getIronSession, IronSession } from 'iron-session'
 import { decodeJwt } from 'jose'
 import { cookies } from 'next/headers'
 import { redirect } from 'next/navigation'
@@ -10,6 +11,10 @@ export async function getAppSession(): Promise<IronSession<AppSession>> {
     return getIronSession<AppSession>(cookies(), {
         password: process.env.APP_SECRET as string,
         cookieName: 'intranet_session',
+        cookieOptions: {
+            secure: isProduction(),
+            sameSite: 'strict',
+        },
         ttl: 60 * 60 * 24 * 7,
     })
 }

diff --git a/frontend/src/lib/utils.ts b/frontend/src/lib/utils.ts
@@ -1,5 +1,5 @@
 import { ApiErrors, AppSessionData } from '@/types'
-import { clsx, type ClassValue } from 'clsx'
+import { type ClassValue, clsx } from 'clsx'
 import { FieldValues, UseFormReturn } from 'react-hook-form'
 import { twMerge } from 'tailwind-merge'
 
@@ -50,3 +50,5 @@ export async function urlToFile(url: string, filename: string): Promise<File> {
 export function isCreator(sessionData?: AppSessionData): boolean {
     return sessionData?.roles.includes('Creator') ?? false
 }
+
+export const isProduction = () => process.env.NODE_ENV === 'production'