jasonraimondi / ts-oauth2-server-example

This is an example implementation of the @jmondi/oauth2-server project using a NestJS/Express server and a Sveltekit client. This is supposed to be a more real example of how to implement the package in a production application.
https://github.com/jasonraimondi/ts-oauth2-server
MIT License

fix CSRF cookie for chrome #2

Closed Notalifeform closed 1 year ago

Notalifeform commented 1 year ago

CSRF is broken when running on Chrome:

[image attachment]

__Host- cookies only work when using https.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes
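As an added illustration (this is not code from the PR or from the ts-oauth2-server-example project), the Node/JavaScript snippet below models the `__Host-` prefix rules from the linked MDN page: a prefixed cookie is only accepted by the browser when it is sent over HTTPS with `Secure`, has no `Domain` attribute and uses `Path=/`. The function names and the `isHttps` flag are assumptions; in a NestJS/Express app the flag would typically come from `req.secure` behind a correctly configured proxy.

```javascript
// Added example, not part of the PR. Models the browser's acceptance rules for
// the __Host- and __Secure- cookie prefixes so a server can pick a cookie name
// that will actually be stored, and so a test suite can catch the misconfiguration
// (a __Host- cookie over plain http://localhost) before a browser silently drops it.

/**
 * Decide the CSRF cookie name and attributes for a request.
 * `isHttps` is an assumed flag the server derives from the request.
 */
function csrfCookieConfig(isHttps) {
  const base = { path: "/", httpOnly: false, sameSite: "Strict" };
  if (isHttps) {
    // Production over HTTPS: the prefix makes the browser enforce Secure,
    // Path=/ and the absence of Domain, binding the cookie to this exact host.
    return { name: "__Host-csrf-token", ...base, secure: true };
  }
  // Local development over http: a __Host- cookie would be rejected by the
  // browser, so fall back to an unprefixed name without the Secure attribute.
  return { name: "csrf-token", ...base, secure: false };
}

/**
 * Mirror the user agent's checks for prefixed cookie names.
 * Returns a list of violations; an empty list means the cookie would be accepted.
 */
function prefixViolations(cfg, isHttps) {
  const problems = [];
  if (cfg.name.startsWith("__Host-")) {
    if (!cfg.secure) problems.push("__Host- cookie must set Secure");
    if (!isHttps) problems.push("__Host- cookie must be sent over HTTPS");
    if (cfg.domain !== undefined) problems.push("__Host- cookie must not set Domain");
    if (cfg.path !== "/") problems.push("__Host- cookie must use Path=/");
  } else if (cfg.name.startsWith("__Secure-")) {
    if (!cfg.secure) problems.push("__Secure- cookie must set Secure");
    if (!isHttps) problems.push("__Secure- cookie must be sent over HTTPS");
  }
  return problems;
}

/** Render a Set-Cookie header value from the chosen config. */
function serializeSetCookie(cfg, value) {
  const parts = [`${cfg.name}=${encodeURIComponent(value)}`, `Path=${cfg.path}`];
  if (cfg.domain !== undefined) parts.push(`Domain=${cfg.domain}`);
  if (cfg.secure) parts.push("Secure");
  if (cfg.httpOnly) parts.push("HttpOnly");
  if (cfg.sameSite) parts.push(`SameSite=${cfg.sameSite}`);
  return parts.join("; ");
}

// Constructed scenario matching the PR: a __Host- cookie served over plain http.
const brokenDevCookie = { name: "__Host-csrf-token", path: "/", secure: false };
console.log(prefixViolations(brokenDevCookie, false));
console.log(serializeSetCookie(csrfCookieConfig(true), "token-value"));
```

Running `prefixViolations` in the server's startup self-check (or in a unit test) turns the silent Chrome rejection into an explicit configuration error, while `csrfCookieConfig` keeps the `__Host-` prefix where it belongs, on HTTPS deployments.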

jasonraimondi commented 1 year ago

I want to investigate a bit more into this one before merging. It is recommended to use the __Host- prefix on cookies that should be secure.

Notalifeform commented 1 year ago

> I want to investigate a bit more into this one before merging. It is recommended to use the __Host- prefix on cookies that should be secure.

Sure. Does it actually work on your machine? I get the error above on Chrome.

jasonraimondi commented 1 year ago

Just tested and I can confirm in chrome I do get the same error. Firefox did not have this issue. Gonna go ahead and merge this, thank you!