@propelauth/nextjs 0.1.6 → 0.1.8

@@ -174,7 +174,7 @@ type InternalUser = {
174
174
  };
175
175
  login_method?: InternalLoginMethod;
176
176
  legacy_user_id?: string;
177
- impersonatorUserId?: string;
177
+ impersonator_user_id?: string;
178
178
  };
179
179
 
180
180
  type RedirectOptions = {
@@ -1,10 +1,27 @@
1
1
  "use strict";
2
2
  var __create = Object.create;
3
3
  var __defProp = Object.defineProperty;
4
+ var __defProps = Object.defineProperties;
4
5
  var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
6
+ var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
5
7
  var __getOwnPropNames = Object.getOwnPropertyNames;
8
+ var __getOwnPropSymbols = Object.getOwnPropertySymbols;
6
9
  var __getProtoOf = Object.getPrototypeOf;
7
10
  var __hasOwnProp = Object.prototype.hasOwnProperty;
11
+ var __propIsEnum = Object.prototype.propertyIsEnumerable;
12
+ var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
13
+ var __spreadValues = (a, b) => {
14
+ for (var prop in b || (b = {}))
15
+ if (__hasOwnProp.call(b, prop))
16
+ __defNormalProp(a, prop, b[prop]);
17
+ if (__getOwnPropSymbols)
18
+ for (var prop of __getOwnPropSymbols(b)) {
19
+ if (__propIsEnum.call(b, prop))
20
+ __defNormalProp(a, prop, b[prop]);
21
+ }
22
+ return a;
23
+ };
24
+ var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
8
25
  var __export = (target, all) => {
9
26
  for (var name in all)
10
27
  __defProp(target, name, { get: all[name], enumerable: true });
@@ -199,7 +216,7 @@ var UserFromToken = class {
199
216
  payload.last_name,
200
217
  payload.username,
201
218
  payload.legacy_user_id,
202
- payload.impersonatorUserId,
219
+ payload.impersonator_user_id,
203
220
  payload.properties,
204
221
  activeOrgId,
205
222
  loginMethod
@@ -317,7 +334,6 @@ var CUSTOM_HEADER_FOR_PATH = "x-propelauth-current-path";
317
334
  var RETURN_TO_PATH_COOKIE_NAME = "__pa_return_to_path";
318
335
  var COOKIE_OPTIONS = {
319
336
  httpOnly: true,
320
- sameSite: "lax",
321
337
  secure: true,
322
338
  path: "/"
323
339
  };
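Review bot: Dropping `sameSite` from `COOKIE_OPTIONS` makes the shared constant unsafe by default: any `cookies.set(..., COOKIE_OPTIONS)` call that is not rewritten to add the attribute now emits the cookie with no SameSite attribute and falls back to whatever the browser chooses. Only the two calls in `authMiddleware` are visibly updated in this diff; whether other users of the constant exist cannot be seen from here. Keeping `sameSite: "lax"` in the object and overriding it per call with `{ ...COOKIE_OPTIONS, sameSite }` (source form of the compiled spread helpers) would preserve the fail-safe default.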
@@ -352,6 +368,22 @@ function getVerifierKey() {
352
368
  }
353
369
  return verifierKey.replace(/\\n/g, "\n");
354
370
  }
371
+ function getSameSiteCookieValue() {
372
+ const sameSiteOverride = process.env.PROPELAUTH_SAME_SITE_COOKIE_OVERRIDE;
373
+ if (sameSiteOverride === "none") {
374
+ return "none";
375
+ } else if (sameSiteOverride === "lax") {
376
+ return "lax";
377
+ } else if (sameSiteOverride === "strict") {
378
+ return "strict";
379
+ } else if (sameSiteOverride) {
380
+ throw new Error(
381
+ 'Invalid value for PROPELAUTH_SAME_SITE_COOKIE_OVERRIDE, must be one of "none", "lax", or "strict"'
382
+ );
383
+ } else {
384
+ return "lax";
385
+ }
386
+ }
355
387
  function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
356
388
  return __async(this, null, function* () {
357
389
  const body = {
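Review bot: `getSameSiteCookieValue` accepts `"none"` silently, and that value is applied to the access-token and refresh-token cookies as well as the state cookie, so it removes the cross-site request protection that the previous hard-coded `SameSite=Lax` gave every handler in this file. The function needs a doc comment stating that `none` is meant only for embedded or cross-site deployments and that those deployments need a separate CSRF defence on the POST handlers; a one-time `console.warn` when it is selected would make the downgrade visible in logs. The comparison is also case-sensitive and the invalid-value `throw` fires on every request instead of at start-up, so a value such as `None` makes each handler that calls it throw; normalising with `(sameSiteOverride || "").toLowerCase()` and validating once at module load would fail earlier and more clearly.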
@@ -491,9 +523,10 @@ function authMiddleware(req) {
491
523
  response2.cookies.delete(REFRESH_TOKEN_COOKIE_NAME);
492
524
  return response2;
493
525
  } else {
526
+ const sameSite = getSameSiteCookieValue();
494
527
  const nextResponse = getNextResponse(req, response.accessToken);
495
- nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, COOKIE_OPTIONS);
496
- nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, COOKIE_OPTIONS);
528
+ nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, __spreadProps(__spreadValues({}, COOKIE_OPTIONS), { sameSite }));
529
+ nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, __spreadProps(__spreadValues({}, COOKIE_OPTIONS), { sameSite }));
497
530
  return nextResponse;
498
531
  }
499
532
  }
@@ -524,6 +557,7 @@ function getRouteHandlers(args) {
524
557
  const returnToPath = req.nextUrl.searchParams.get("return_to_path");
525
558
  const state = randomState();
526
559
  const redirectUri = getRedirectUri();
560
+ const sameSite = getSameSiteCookieValue();
527
561
  const authorizeUrlSearchParams = new URLSearchParams({
528
562
  redirect_uri: redirectUri,
529
563
  state,
@@ -532,12 +566,12 @@ function getRouteHandlers(args) {
532
566
  const authorize_url = getAuthUrlOrigin() + "/propelauth/ssr/authorize?" + authorizeUrlSearchParams.toString();
533
567
  const headers2 = new Headers();
534
568
  headers2.append("Location", authorize_url);
535
- headers2.append("Set-Cookie", `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite=Lax`);
569
+ headers2.append("Set-Cookie", `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`);
536
570
  if (returnToPath) {
537
571
  if (returnToPath.startsWith("/")) {
538
572
  headers2.append(
539
573
  "Set-Cookie",
540
- `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPath}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=600`
574
+ `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPath}; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=600`
541
575
  );
542
576
  } else {
543
577
  console.warn("return_to_path must start with /");
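Review bot: `returnToPath` comes straight from the `return_to_path` query parameter and is written into the `Set-Cookie` value unencoded on the changed line, so any `;` in it is parsed by the browser as the start of further cookie attributes rather than as part of the path. The `startsWith("/")` guard also passes values beginning with `//`, which are scheme-relative rather than same-origin paths if the stored value is later used as a redirect target. Consider `if (returnToPath.startsWith("/") && !returnToPath.startsWith("//"))` and storing `encodeURIComponent(returnToPath)`, decoding where the cookie is read. The `activeOrgId` query parameter in the `@@ -895,15 +952,15 @@` hunk is interpolated the same way, although any validation between the read and the write is not visible in this diff. The enclosing handler starts and ends outside this hunk.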
@@ -551,6 +585,7 @@ function getRouteHandlers(args) {
551
585
  function callbackGetHandler(req) {
552
586
  return __async(this, null, function* () {
553
587
  var _a, _b, _c;
588
+ const sameSite = getSameSiteCookieValue();
554
589
  const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
555
590
  if (!oauthState || oauthState.length !== 64) {
556
591
  return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
@@ -609,15 +644,15 @@ function getRouteHandlers(args) {
609
644
  headers3.append("Location", returnToPath);
610
645
  headers3.append(
611
646
  "Set-Cookie",
612
- `${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
647
+ `${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
613
648
  );
614
649
  headers3.append(
615
650
  "Set-Cookie",
616
- `${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
651
+ `${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
617
652
  );
618
653
  headers3.append(
619
654
  "Set-Cookie",
620
- `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
655
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
621
656
  );
622
657
  headers3.append("Set-Cookie", getCookieForReturnToPathInCallback(returnToPathFromCookie));
623
658
  return new Response(null, {
@@ -630,15 +665,15 @@ function getRouteHandlers(args) {
630
665
  headers2.append("Location", returnToPath);
631
666
  headers2.append(
632
667
  "Set-Cookie",
633
- `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
668
+ `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
634
669
  );
635
670
  headers2.append(
636
671
  "Set-Cookie",
637
- `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=Lax`
672
+ `${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
638
673
  );
639
674
  headers2.append(
640
675
  "Set-Cookie",
641
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
676
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
642
677
  );
643
678
  headers2.append("Set-Cookie", getCookieForReturnToPathInCallback(returnToPathFromCookie));
644
679
  return new Response(null, {
@@ -660,6 +695,7 @@ function getRouteHandlers(args) {
660
695
  var _a, _b;
661
696
  const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
662
697
  const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
698
+ const sameSite = getSameSiteCookieValue();
663
699
  if (oldRefreshToken) {
664
700
  const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
665
701
  if (refreshResponse.error === "unexpected") {
@@ -668,15 +704,15 @@ function getRouteHandlers(args) {
668
704
  const headers3 = new Headers();
669
705
  headers3.append(
670
706
  "Set-Cookie",
671
- `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
707
+ `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
672
708
  );
673
709
  headers3.append(
674
710
  "Set-Cookie",
675
- `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
711
+ `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
676
712
  );
677
713
  headers3.append(
678
714
  "Set-Cookie",
679
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
715
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
680
716
  );
681
717
  return new Response("Unauthorized", { status: 401, headers: headers3 });
682
718
  }
@@ -702,11 +738,11 @@ function getRouteHandlers(args) {
702
738
  const headers3 = new Headers();
703
739
  headers3.append(
704
740
  "Set-Cookie",
705
- `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
741
+ `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
706
742
  );
707
743
  headers3.append(
708
744
  "Set-Cookie",
709
- `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
745
+ `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
710
746
  );
711
747
  headers3.append("Content-Type", "application/json");
712
748
  return new Response(JSON.stringify(jsonResponse), {
@@ -717,15 +753,15 @@ function getRouteHandlers(args) {
717
753
  const headers3 = new Headers();
718
754
  headers3.append(
719
755
  "Set-Cookie",
720
- `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
756
+ `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
721
757
  );
722
758
  headers3.append(
723
759
  "Set-Cookie",
724
- `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
760
+ `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
725
761
  );
726
762
  headers3.append(
727
763
  "Set-Cookie",
728
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
764
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
729
765
  );
730
766
  return new Response(null, {
731
767
  status: 401,
@@ -736,9 +772,18 @@ function getRouteHandlers(args) {
736
772
  }
737
773
  }
738
774
  const headers2 = new Headers();
739
- headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
740
- headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
741
- headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
775
+ headers2.append(
776
+ "Set-Cookie",
777
+ `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
778
+ );
779
+ headers2.append(
780
+ "Set-Cookie",
781
+ `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
782
+ );
783
+ headers2.append(
784
+ "Set-Cookie",
785
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
786
+ );
742
787
  return new Response(null, { status: 401 });
743
788
  });
744
789
  }
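Review bot: The three cookie-clearing headers rebuilt here are never sent, because the following `return new Response(null, { status: 401 });` does not pass `headers2`, so this 401 leaves the access-token, refresh-token and active-org cookies in place. The other exits visible in this file pass their header object, so the line should read `return new Response(null, { status: 401, headers: headers2 });`. The enclosing handler starts outside the hunk.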
@@ -750,21 +795,22 @@ function getRouteHandlers(args) {
750
795
  console.error("postLoginPathFn returned undefined");
751
796
  return new Response("Unexpected error", { status: 500 });
752
797
  }
798
+ const sameSite = getSameSiteCookieValue();
753
799
  const refreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
754
800
  if (!refreshToken) {
755
801
  const headers2 = new Headers();
756
802
  headers2.append("Location", path);
757
803
  headers2.append(
758
804
  "Set-Cookie",
759
- `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
805
+ `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
760
806
  );
761
807
  headers2.append(
762
808
  "Set-Cookie",
763
- `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
809
+ `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
764
810
  );
765
811
  headers2.append(
766
812
  "Set-Cookie",
767
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
813
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
768
814
  );
769
815
  return new Response(null, {
770
816
  status: 302,
@@ -781,15 +827,15 @@ function getRouteHandlers(args) {
781
827
  headers2.append("Location", path);
782
828
  headers2.append(
783
829
  "Set-Cookie",
784
- `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
830
+ `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
785
831
  );
786
832
  headers2.append(
787
833
  "Set-Cookie",
788
- `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
834
+ `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
789
835
  );
790
836
  headers2.append(
791
837
  "Set-Cookie",
792
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
838
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
793
839
  );
794
840
  return new Response(null, {
795
841
  status: 302,
@@ -808,20 +854,21 @@ function getRouteHandlers(args) {
808
854
  function logoutPostHandler(req) {
809
855
  return __async(this, null, function* () {
810
856
  var _a;
857
+ const sameSite = getSameSiteCookieValue();
811
858
  const refreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
812
859
  if (!refreshToken) {
813
860
  const headers3 = new Headers();
814
861
  headers3.append(
815
862
  "Set-Cookie",
816
- `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
863
+ `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
817
864
  );
818
865
  headers3.append(
819
866
  "Set-Cookie",
820
- `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
867
+ `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
821
868
  );
822
869
  headers3.append(
823
870
  "Set-Cookie",
824
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
871
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
825
872
  );
826
873
  return new Response(null, { status: 200, headers: headers3 });
827
874
  }
@@ -845,9 +892,18 @@ function getRouteHandlers(args) {
845
892
  );
846
893
  }
847
894
  const headers2 = new Headers();
848
- headers2.append("Set-Cookie", `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
849
- headers2.append("Set-Cookie", `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
850
- headers2.append("Set-Cookie", `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`);
895
+ headers2.append(
896
+ "Set-Cookie",
897
+ `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
898
+ );
899
+ headers2.append(
900
+ "Set-Cookie",
901
+ `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
902
+ );
903
+ headers2.append(
904
+ "Set-Cookie",
905
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
906
+ );
851
907
  return new Response(null, { status: 200, headers: headers2 });
852
908
  });
853
909
  }
@@ -856,11 +912,12 @@ function getRouteHandlers(args) {
856
912
  var _a;
857
913
  const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
858
914
  const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
915
+ const sameSite = getSameSiteCookieValue();
859
916
  if (!oldRefreshToken) {
860
917
  const headers2 = new Headers();
861
918
  headers2.append(
862
919
  "Set-Cookie",
863
- `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
920
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
864
921
  );
865
922
  return new Response(null, { status: 401, headers: headers2 });
866
923
  }
@@ -895,15 +952,15 @@ function getRouteHandlers(args) {
895
952
  const headers2 = new Headers();
896
953
  headers2.append(
897
954
  "Set-Cookie",
898
- `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
955
+ `${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
899
956
  );
900
957
  headers2.append(
901
958
  "Set-Cookie",
902
- `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
959
+ `${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
903
960
  );
904
961
  headers2.append(
905
962
  "Set-Cookie",
906
- `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=Lax`
963
+ `${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
907
964
  );
908
965
  headers2.append("Content-Type", "application/json");
909
966
  return new Response(JSON.stringify(jsonResponse), {
@@ -977,10 +1034,11 @@ function getUrlEncodedRedirectPathForCurrentPath() {
977
1034
  return encodeURIComponent(path);
978
1035
  }
979
1036
  function getCookieForReturnToPathInCallback(returnToPathFromCookie) {
1037
+ const sameSite = getSameSiteCookieValue();
980
1038
  if (returnToPathFromCookie) {
981
- return `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPathFromCookie}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=15`;
1039
+ return `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPathFromCookie}; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=15`;
982
1040
  } else {
983
- return `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`;
1041
+ return `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`;
984
1042
  }
985
1043
  }
986
1044
  function getCurrentPath() {