Add support for partitioned cookies

kubetail-org / edge-csrf

CSRF protection library for JavaScript that runs on the edge runtime (with Next.js, SvelteKit, Express, Node-HTTP integrations)

MIT License

138 stars 7 forks source link

Add support for partitioned cookies #54

Open bookernath opened 1 month ago

bookernath commented 1 month ago

For cookies set within iframes it's helpful to set the Partitioned flag to have compatibility with Chrome's CHIPS update.

Example usage might be:

// middleware.ts

import { createCsrfMiddleware } from '@edge-csrf/nextjs';

// initalize csrf protection middleware
const csrfMiddleware = createCsrfMiddleware({
  cookie: {
    secure: process.env.NODE_ENV === 'production',
    partitioned: true, // add this new arg
  },
});

export const middleware = csrfMiddleware;

amorey commented 1 month ago

Thanks for the suggestion! I added support for the partitioned attribute and published a new release candidate (v2.3.0-rc1): https://www.npmjs.com/package/@edge-csrf/nextjs/v/2.3.0-rc1?activeTab=versions

Let me know if it's working as expected.

amorey commented 1 month ago

@bookernath Have you had a chance to try out the release candidate (v2.3.0-rc1)? Let me know if it's working for you and I can cut a new release. https://www.npmjs.com/package/@edge-csrf/nextjs/v/2.3.0-rc1?activeTab=versions