@propelauth/nextjs 0.1.6 → 0.1.8
- package/dist/client/index.d.ts +1 -1
- package/dist/client/index.js +1 -1
- package/dist/client/index.js.map +1 -1
- package/dist/client/index.mjs +1 -1
- package/dist/client/index.mjs.map +1 -1
- package/dist/server/app-router/index.d.ts +1 -1
- package/dist/server/app-router/index.js +99 -41
- package/dist/server/app-router/index.js.map +1 -1
- package/dist/server/app-router/index.mjs +101 -41
- package/dist/server/app-router/index.mjs.map +1 -1
- package/dist/server/index.d.ts +1 -1
- package/dist/server/index.js +1 -1
- package/dist/server/index.js.map +1 -1
- package/dist/server/index.mjs +1 -1
- package/dist/server/index.mjs.map +1 -1
- package/dist/server/pages/index.d.ts +1 -1
- package/dist/server/pages/index.js +27 -9
- package/dist/server/pages/index.js.map +1 -1
- package/dist/server/pages/index.mjs +27 -9
- package/dist/server/pages/index.mjs.map +1 -1
- package/package.json +1 -1
@@ -1,10 +1,27 @@
|
|
1
1
|
"use strict";
|
2
2
|
var __create = Object.create;
|
3
3
|
var __defProp = Object.defineProperty;
|
4
|
+
var __defProps = Object.defineProperties;
|
4
5
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
6
|
+
var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
|
5
7
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
8
|
+
var __getOwnPropSymbols = Object.getOwnPropertySymbols;
|
6
9
|
var __getProtoOf = Object.getPrototypeOf;
|
7
10
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
11
|
+
var __propIsEnum = Object.prototype.propertyIsEnumerable;
|
12
|
+
var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
13
|
+
var __spreadValues = (a, b) => {
|
14
|
+
for (var prop in b || (b = {}))
|
15
|
+
if (__hasOwnProp.call(b, prop))
|
16
|
+
__defNormalProp(a, prop, b[prop]);
|
17
|
+
if (__getOwnPropSymbols)
|
18
|
+
for (var prop of __getOwnPropSymbols(b)) {
|
19
|
+
if (__propIsEnum.call(b, prop))
|
20
|
+
__defNormalProp(a, prop, b[prop]);
|
21
|
+
}
|
22
|
+
return a;
|
23
|
+
};
|
24
|
+
var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
|
8
25
|
var __export = (target, all) => {
|
9
26
|
for (var name in all)
|
10
27
|
__defProp(target, name, { get: all[name], enumerable: true });
|
@@ -199,7 +216,7 @@ var UserFromToken = class {
|
|
199
216
|
payload.last_name,
|
200
217
|
payload.username,
|
201
218
|
payload.legacy_user_id,
|
202
|
-
payload.
|
219
|
+
payload.impersonator_user_id,
|
203
220
|
payload.properties,
|
204
221
|
activeOrgId,
|
205
222
|
loginMethod
|
@@ -317,7 +334,6 @@ var CUSTOM_HEADER_FOR_PATH = "x-propelauth-current-path";
|
|
317
334
|
var RETURN_TO_PATH_COOKIE_NAME = "__pa_return_to_path";
|
318
335
|
var COOKIE_OPTIONS = {
|
319
336
|
httpOnly: true,
|
320
|
-
sameSite: "lax",
|
321
337
|
secure: true,
|
322
338
|
path: "/"
|
323
339
|
};
|
@@ -352,6 +368,22 @@ function getVerifierKey() {
|
|
352
368
|
}
|
353
369
|
return verifierKey.replace(/\\n/g, "\n");
|
354
370
|
}
|
371
|
+
function getSameSiteCookieValue() {
|
372
|
+
const sameSiteOverride = process.env.PROPELAUTH_SAME_SITE_COOKIE_OVERRIDE;
|
373
|
+
if (sameSiteOverride === "none") {
|
374
|
+
return "none";
|
375
|
+
} else if (sameSiteOverride === "lax") {
|
376
|
+
return "lax";
|
377
|
+
} else if (sameSiteOverride === "strict") {
|
378
|
+
return "strict";
|
379
|
+
} else if (sameSiteOverride) {
|
380
|
+
throw new Error(
|
381
|
+
'Invalid value for PROPELAUTH_SAME_SITE_COOKIE_OVERRIDE, must be one of "none", "lax", or "strict"'
|
382
|
+
);
|
383
|
+
} else {
|
384
|
+
return "lax";
|
385
|
+
}
|
386
|
+
}
|
355
387
|
function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
|
356
388
|
return __async(this, null, function* () {
|
357
389
|
const body = {
|
@@ -491,9 +523,10 @@ function authMiddleware(req) {
|
|
491
523
|
response2.cookies.delete(REFRESH_TOKEN_COOKIE_NAME);
|
492
524
|
return response2;
|
493
525
|
} else {
|
526
|
+
const sameSite = getSameSiteCookieValue();
|
494
527
|
const nextResponse = getNextResponse(req, response.accessToken);
|
495
|
-
nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, COOKIE_OPTIONS);
|
496
|
-
nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, COOKIE_OPTIONS);
|
528
|
+
nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, __spreadProps(__spreadValues({}, COOKIE_OPTIONS), { sameSite }));
|
529
|
+
nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, __spreadProps(__spreadValues({}, COOKIE_OPTIONS), { sameSite }));
|
497
530
|
return nextResponse;
|
498
531
|
}
|
499
532
|
}
|
@@ -524,6 +557,7 @@ function getRouteHandlers(args) {
|
|
524
557
|
const returnToPath = req.nextUrl.searchParams.get("return_to_path");
|
525
558
|
const state = randomState();
|
526
559
|
const redirectUri = getRedirectUri();
|
560
|
+
const sameSite = getSameSiteCookieValue();
|
527
561
|
const authorizeUrlSearchParams = new URLSearchParams({
|
528
562
|
redirect_uri: redirectUri,
|
529
563
|
state,
|
@@ -532,12 +566,12 @@ function getRouteHandlers(args) {
|
|
532
566
|
const authorize_url = getAuthUrlOrigin() + "/propelauth/ssr/authorize?" + authorizeUrlSearchParams.toString();
|
533
567
|
const headers2 = new Headers();
|
534
568
|
headers2.append("Location", authorize_url);
|
535
|
-
headers2.append("Set-Cookie", `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite
|
569
|
+
headers2.append("Set-Cookie", `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`);
|
536
570
|
if (returnToPath) {
|
537
571
|
if (returnToPath.startsWith("/")) {
|
538
572
|
headers2.append(
|
539
573
|
"Set-Cookie",
|
540
|
-
`${RETURN_TO_PATH_COOKIE_NAME}=${returnToPath}; Path=/; HttpOnly; Secure; SameSite
|
574
|
+
`${RETURN_TO_PATH_COOKIE_NAME}=${returnToPath}; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=600`
|
541
575
|
);
|
542
576
|
} else {
|
543
577
|
console.warn("return_to_path must start with /");
|
@@ -551,6 +585,7 @@ function getRouteHandlers(args) {
|
|
551
585
|
function callbackGetHandler(req) {
|
552
586
|
return __async(this, null, function* () {
|
553
587
|
var _a, _b, _c;
|
588
|
+
const sameSite = getSameSiteCookieValue();
|
554
589
|
const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
|
555
590
|
if (!oauthState || oauthState.length !== 64) {
|
556
591
|
return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
|
@@ -609,15 +644,15 @@ function getRouteHandlers(args) {
|
|
609
644
|
headers3.append("Location", returnToPath);
|
610
645
|
headers3.append(
|
611
646
|
"Set-Cookie",
|
612
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite
|
647
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
613
648
|
);
|
614
649
|
headers3.append(
|
615
650
|
"Set-Cookie",
|
616
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite
|
651
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
617
652
|
);
|
618
653
|
headers3.append(
|
619
654
|
"Set-Cookie",
|
620
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite
|
655
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
621
656
|
);
|
622
657
|
headers3.append("Set-Cookie", getCookieForReturnToPathInCallback(returnToPathFromCookie));
|
623
658
|
return new Response(null, {
|
@@ -630,15 +665,15 @@ function getRouteHandlers(args) {
|
|
630
665
|
headers2.append("Location", returnToPath);
|
631
666
|
headers2.append(
|
632
667
|
"Set-Cookie",
|
633
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite
|
668
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
634
669
|
);
|
635
670
|
headers2.append(
|
636
671
|
"Set-Cookie",
|
637
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite
|
672
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
638
673
|
);
|
639
674
|
headers2.append(
|
640
675
|
"Set-Cookie",
|
641
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
676
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
642
677
|
);
|
643
678
|
headers2.append("Set-Cookie", getCookieForReturnToPathInCallback(returnToPathFromCookie));
|
644
679
|
return new Response(null, {
|
@@ -660,6 +695,7 @@ function getRouteHandlers(args) {
|
|
660
695
|
var _a, _b;
|
661
696
|
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
662
697
|
const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
|
698
|
+
const sameSite = getSameSiteCookieValue();
|
663
699
|
if (oldRefreshToken) {
|
664
700
|
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
|
665
701
|
if (refreshResponse.error === "unexpected") {
|
@@ -668,15 +704,15 @@ function getRouteHandlers(args) {
|
|
668
704
|
const headers3 = new Headers();
|
669
705
|
headers3.append(
|
670
706
|
"Set-Cookie",
|
671
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
707
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
672
708
|
);
|
673
709
|
headers3.append(
|
674
710
|
"Set-Cookie",
|
675
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
711
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
676
712
|
);
|
677
713
|
headers3.append(
|
678
714
|
"Set-Cookie",
|
679
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
715
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
680
716
|
);
|
681
717
|
return new Response("Unauthorized", { status: 401, headers: headers3 });
|
682
718
|
}
|
@@ -702,11 +738,11 @@ function getRouteHandlers(args) {
|
|
702
738
|
const headers3 = new Headers();
|
703
739
|
headers3.append(
|
704
740
|
"Set-Cookie",
|
705
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite
|
741
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
706
742
|
);
|
707
743
|
headers3.append(
|
708
744
|
"Set-Cookie",
|
709
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite
|
745
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
710
746
|
);
|
711
747
|
headers3.append("Content-Type", "application/json");
|
712
748
|
return new Response(JSON.stringify(jsonResponse), {
|
@@ -717,15 +753,15 @@ function getRouteHandlers(args) {
|
|
717
753
|
const headers3 = new Headers();
|
718
754
|
headers3.append(
|
719
755
|
"Set-Cookie",
|
720
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
756
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
721
757
|
);
|
722
758
|
headers3.append(
|
723
759
|
"Set-Cookie",
|
724
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
760
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
725
761
|
);
|
726
762
|
headers3.append(
|
727
763
|
"Set-Cookie",
|
728
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
764
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
729
765
|
);
|
730
766
|
return new Response(null, {
|
731
767
|
status: 401,
|
@@ -736,9 +772,18 @@ function getRouteHandlers(args) {
|
|
736
772
|
}
|
737
773
|
}
|
738
774
|
const headers2 = new Headers();
|
739
|
-
headers2.append(
|
740
|
-
|
741
|
-
|
775
|
+
headers2.append(
|
776
|
+
"Set-Cookie",
|
777
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
778
|
+
);
|
779
|
+
headers2.append(
|
780
|
+
"Set-Cookie",
|
781
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
782
|
+
);
|
783
|
+
headers2.append(
|
784
|
+
"Set-Cookie",
|
785
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
786
|
+
);
|
742
787
|
return new Response(null, { status: 401 });
|
743
788
|
});
|
744
789
|
}
|
@@ -750,21 +795,22 @@ function getRouteHandlers(args) {
|
|
750
795
|
console.error("postLoginPathFn returned undefined");
|
751
796
|
return new Response("Unexpected error", { status: 500 });
|
752
797
|
}
|
798
|
+
const sameSite = getSameSiteCookieValue();
|
753
799
|
const refreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
754
800
|
if (!refreshToken) {
|
755
801
|
const headers2 = new Headers();
|
756
802
|
headers2.append("Location", path);
|
757
803
|
headers2.append(
|
758
804
|
"Set-Cookie",
|
759
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
805
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
760
806
|
);
|
761
807
|
headers2.append(
|
762
808
|
"Set-Cookie",
|
763
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
809
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
764
810
|
);
|
765
811
|
headers2.append(
|
766
812
|
"Set-Cookie",
|
767
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
813
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
768
814
|
);
|
769
815
|
return new Response(null, {
|
770
816
|
status: 302,
|
@@ -781,15 +827,15 @@ function getRouteHandlers(args) {
|
|
781
827
|
headers2.append("Location", path);
|
782
828
|
headers2.append(
|
783
829
|
"Set-Cookie",
|
784
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
830
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
785
831
|
);
|
786
832
|
headers2.append(
|
787
833
|
"Set-Cookie",
|
788
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
834
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
789
835
|
);
|
790
836
|
headers2.append(
|
791
837
|
"Set-Cookie",
|
792
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
838
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
793
839
|
);
|
794
840
|
return new Response(null, {
|
795
841
|
status: 302,
|
@@ -808,20 +854,21 @@ function getRouteHandlers(args) {
|
|
808
854
|
function logoutPostHandler(req) {
|
809
855
|
return __async(this, null, function* () {
|
810
856
|
var _a;
|
857
|
+
const sameSite = getSameSiteCookieValue();
|
811
858
|
const refreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
812
859
|
if (!refreshToken) {
|
813
860
|
const headers3 = new Headers();
|
814
861
|
headers3.append(
|
815
862
|
"Set-Cookie",
|
816
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
863
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
817
864
|
);
|
818
865
|
headers3.append(
|
819
866
|
"Set-Cookie",
|
820
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
867
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
821
868
|
);
|
822
869
|
headers3.append(
|
823
870
|
"Set-Cookie",
|
824
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
871
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
825
872
|
);
|
826
873
|
return new Response(null, { status: 200, headers: headers3 });
|
827
874
|
}
|
@@ -845,9 +892,18 @@ function getRouteHandlers(args) {
|
|
845
892
|
);
|
846
893
|
}
|
847
894
|
const headers2 = new Headers();
|
848
|
-
headers2.append(
|
849
|
-
|
850
|
-
|
895
|
+
headers2.append(
|
896
|
+
"Set-Cookie",
|
897
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
898
|
+
);
|
899
|
+
headers2.append(
|
900
|
+
"Set-Cookie",
|
901
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
902
|
+
);
|
903
|
+
headers2.append(
|
904
|
+
"Set-Cookie",
|
905
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
906
|
+
);
|
851
907
|
return new Response(null, { status: 200, headers: headers2 });
|
852
908
|
});
|
853
909
|
}
|
@@ -856,11 +912,12 @@ function getRouteHandlers(args) {
|
|
856
912
|
var _a;
|
857
913
|
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
858
914
|
const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
|
915
|
+
const sameSite = getSameSiteCookieValue();
|
859
916
|
if (!oldRefreshToken) {
|
860
917
|
const headers2 = new Headers();
|
861
918
|
headers2.append(
|
862
919
|
"Set-Cookie",
|
863
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
920
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
864
921
|
);
|
865
922
|
return new Response(null, { status: 401, headers: headers2 });
|
866
923
|
}
|
@@ -895,15 +952,15 @@ function getRouteHandlers(args) {
|
|
895
952
|
const headers2 = new Headers();
|
896
953
|
headers2.append(
|
897
954
|
"Set-Cookie",
|
898
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite
|
955
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
899
956
|
);
|
900
957
|
headers2.append(
|
901
958
|
"Set-Cookie",
|
902
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite
|
959
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
903
960
|
);
|
904
961
|
headers2.append(
|
905
962
|
"Set-Cookie",
|
906
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite
|
963
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
907
964
|
);
|
908
965
|
headers2.append("Content-Type", "application/json");
|
909
966
|
return new Response(JSON.stringify(jsonResponse), {
|
@@ -977,10 +1034,11 @@ function getUrlEncodedRedirectPathForCurrentPath() {
|
|
977
1034
|
return encodeURIComponent(path);
|
978
1035
|
}
|
979
1036
|
function getCookieForReturnToPathInCallback(returnToPathFromCookie) {
|
1037
|
+
const sameSite = getSameSiteCookieValue();
|
980
1038
|
if (returnToPathFromCookie) {
|
981
|
-
return `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPathFromCookie}; Path=/; HttpOnly; Secure; SameSite
|
1039
|
+
return `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPathFromCookie}; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=15`;
|
982
1040
|
} else {
|
983
|
-
return `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
1041
|
+
return `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`;
|
984
1042
|
}
|
985
1043
|
}
|
986
1044
|
function getCurrentPath() {
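Review bot: `getSameSiteCookieValue()` (new lines 371–386) compares `PROPELAUTH_SAME_SITE_COOKIE_OVERRIDE` case-sensitively and is re-evaluated inside every handler that issues a cookie, so a value such as `None` or one with a trailing space throws from inside the request path on every request instead of failing once at startup; normalizing with `const raw = (process.env.PROPELAUTH_SAME_SITE_COOKIE_OVERRIDE ?? "").trim().toLowerCase();` before the comparisons, or validating once at module load, would surface the misconfiguration earlier and more clearly. The same change drops `sameSite: "lax"` from `COOKIE_OPTIONS` (new lines 335–339), so any caller that still passes `COOKIE_OPTIONS` without the `__spreadProps(__spreadValues({}, COOKIE_OPTIONS), { sameSite })` wrapper now emits a cookie with no SameSite attribute and relies on browser defaults — the `cookies.delete` calls in this section take no options, but other users of `COOKIE_OPTIONS` may sit outside this view and should be checked. Since the override applies uniformly to the access, refresh, active-org, state and return-to-path cookies, and therefore also relaxes the cross-site protection that `Lax` gave the logout and refresh endpoints, the helper deserves a comment such as `// Override applies to every auth cookie issued here; Secure is always set, which browsers require for SameSite=None` so the trade-off is visible to whoever sets the variable.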
|