@propelauth/nextjs 0.1.6 → 0.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/client/index.d.ts +1 -1
- package/dist/client/index.js +1 -1
- package/dist/client/index.js.map +1 -1
- package/dist/client/index.mjs +1 -1
- package/dist/client/index.mjs.map +1 -1
- package/dist/server/app-router/index.d.ts +1 -1
- package/dist/server/app-router/index.js +99 -41
- package/dist/server/app-router/index.js.map +1 -1
- package/dist/server/app-router/index.mjs +101 -41
- package/dist/server/app-router/index.mjs.map +1 -1
- package/dist/server/index.d.ts +1 -1
- package/dist/server/index.js +1 -1
- package/dist/server/index.js.map +1 -1
- package/dist/server/index.mjs +1 -1
- package/dist/server/index.mjs.map +1 -1
- package/dist/server/pages/index.d.ts +1 -1
- package/dist/server/pages/index.js +27 -9
- package/dist/server/pages/index.js.map +1 -1
- package/dist/server/pages/index.mjs +27 -9
- package/dist/server/pages/index.mjs.map +1 -1
- package/package.json +1 -1
|
@@ -1,3 +1,22 @@
|
|
|
1
|
+
var __defProp = Object.defineProperty;
|
|
2
|
+
var __defProps = Object.defineProperties;
|
|
3
|
+
var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
|
|
4
|
+
var __getOwnPropSymbols = Object.getOwnPropertySymbols;
|
|
5
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
+
var __propIsEnum = Object.prototype.propertyIsEnumerable;
|
|
7
|
+
var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
8
|
+
var __spreadValues = (a, b) => {
|
|
9
|
+
for (var prop in b || (b = {}))
|
|
10
|
+
if (__hasOwnProp.call(b, prop))
|
|
11
|
+
__defNormalProp(a, prop, b[prop]);
|
|
12
|
+
if (__getOwnPropSymbols)
|
|
13
|
+
for (var prop of __getOwnPropSymbols(b)) {
|
|
14
|
+
if (__propIsEnum.call(b, prop))
|
|
15
|
+
__defNormalProp(a, prop, b[prop]);
|
|
16
|
+
}
|
|
17
|
+
return a;
|
|
18
|
+
};
|
|
19
|
+
var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
|
|
1
20
|
var __async = (__this, __arguments, generator) => {
|
|
2
21
|
return new Promise((resolve, reject) => {
|
|
3
22
|
var fulfilled = (value) => {
|
|
@@ -156,7 +175,7 @@ var UserFromToken = class {
|
|
|
156
175
|
payload.last_name,
|
|
157
176
|
payload.username,
|
|
158
177
|
payload.legacy_user_id,
|
|
159
|
-
payload.
|
|
178
|
+
payload.impersonator_user_id,
|
|
160
179
|
payload.properties,
|
|
161
180
|
activeOrgId,
|
|
162
181
|
loginMethod
|
|
@@ -274,7 +293,6 @@ var CUSTOM_HEADER_FOR_PATH = "x-propelauth-current-path";
|
|
|
274
293
|
var RETURN_TO_PATH_COOKIE_NAME = "__pa_return_to_path";
|
|
275
294
|
var COOKIE_OPTIONS = {
|
|
276
295
|
httpOnly: true,
|
|
277
|
-
sameSite: "lax",
|
|
278
296
|
secure: true,
|
|
279
297
|
path: "/"
|
|
280
298
|
};
|
|
@@ -309,6 +327,22 @@ function getVerifierKey() {
|
|
|
309
327
|
}
|
|
310
328
|
return verifierKey.replace(/\\n/g, "\n");
|
|
311
329
|
}
|
|
330
|
+
function getSameSiteCookieValue() {
|
|
331
|
+
const sameSiteOverride = process.env.PROPELAUTH_SAME_SITE_COOKIE_OVERRIDE;
|
|
332
|
+
if (sameSiteOverride === "none") {
|
|
333
|
+
return "none";
|
|
334
|
+
} else if (sameSiteOverride === "lax") {
|
|
335
|
+
return "lax";
|
|
336
|
+
} else if (sameSiteOverride === "strict") {
|
|
337
|
+
return "strict";
|
|
338
|
+
} else if (sameSiteOverride) {
|
|
339
|
+
throw new Error(
|
|
340
|
+
'Invalid value for PROPELAUTH_SAME_SITE_COOKIE_OVERRIDE, must be one of "none", "lax", or "strict"'
|
|
341
|
+
);
|
|
342
|
+
} else {
|
|
343
|
+
return "lax";
|
|
344
|
+
}
|
|
345
|
+
}
|
|
312
346
|
function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
|
|
313
347
|
return __async(this, null, function* () {
|
|
314
348
|
const body = {
|
|
@@ -448,9 +482,10 @@ function authMiddleware(req) {
|
|
|
448
482
|
response2.cookies.delete(REFRESH_TOKEN_COOKIE_NAME);
|
|
449
483
|
return response2;
|
|
450
484
|
} else {
|
|
485
|
+
const sameSite = getSameSiteCookieValue();
|
|
451
486
|
const nextResponse = getNextResponse(req, response.accessToken);
|
|
452
|
-
nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, COOKIE_OPTIONS);
|
|
453
|
-
nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, COOKIE_OPTIONS);
|
|
487
|
+
nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, __spreadProps(__spreadValues({}, COOKIE_OPTIONS), { sameSite }));
|
|
488
|
+
nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, __spreadProps(__spreadValues({}, COOKIE_OPTIONS), { sameSite }));
|
|
454
489
|
return nextResponse;
|
|
455
490
|
}
|
|
456
491
|
}
|
|
@@ -481,6 +516,7 @@ function getRouteHandlers(args) {
|
|
|
481
516
|
const returnToPath = req.nextUrl.searchParams.get("return_to_path");
|
|
482
517
|
const state = randomState();
|
|
483
518
|
const redirectUri = getRedirectUri();
|
|
519
|
+
const sameSite = getSameSiteCookieValue();
|
|
484
520
|
const authorizeUrlSearchParams = new URLSearchParams({
|
|
485
521
|
redirect_uri: redirectUri,
|
|
486
522
|
state,
|
|
@@ -489,12 +525,12 @@ function getRouteHandlers(args) {
|
|
|
489
525
|
const authorize_url = getAuthUrlOrigin() + "/propelauth/ssr/authorize?" + authorizeUrlSearchParams.toString();
|
|
490
526
|
const headers2 = new Headers();
|
|
491
527
|
headers2.append("Location", authorize_url);
|
|
492
|
-
headers2.append("Set-Cookie", `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite
|
|
528
|
+
headers2.append("Set-Cookie", `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`);
|
|
493
529
|
if (returnToPath) {
|
|
494
530
|
if (returnToPath.startsWith("/")) {
|
|
495
531
|
headers2.append(
|
|
496
532
|
"Set-Cookie",
|
|
497
|
-
`${RETURN_TO_PATH_COOKIE_NAME}=${returnToPath}; Path=/; HttpOnly; Secure; SameSite
|
|
533
|
+
`${RETURN_TO_PATH_COOKIE_NAME}=${returnToPath}; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=600`
|
|
498
534
|
);
|
|
499
535
|
} else {
|
|
500
536
|
console.warn("return_to_path must start with /");
|
|
@@ -508,6 +544,7 @@ function getRouteHandlers(args) {
|
|
|
508
544
|
function callbackGetHandler(req) {
|
|
509
545
|
return __async(this, null, function* () {
|
|
510
546
|
var _a, _b, _c;
|
|
547
|
+
const sameSite = getSameSiteCookieValue();
|
|
511
548
|
const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
512
549
|
if (!oauthState || oauthState.length !== 64) {
|
|
513
550
|
return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
|
|
@@ -566,15 +603,15 @@ function getRouteHandlers(args) {
|
|
|
566
603
|
headers3.append("Location", returnToPath);
|
|
567
604
|
headers3.append(
|
|
568
605
|
"Set-Cookie",
|
|
569
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite
|
|
606
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
570
607
|
);
|
|
571
608
|
headers3.append(
|
|
572
609
|
"Set-Cookie",
|
|
573
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite
|
|
610
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
574
611
|
);
|
|
575
612
|
headers3.append(
|
|
576
613
|
"Set-Cookie",
|
|
577
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite
|
|
614
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
578
615
|
);
|
|
579
616
|
headers3.append("Set-Cookie", getCookieForReturnToPathInCallback(returnToPathFromCookie));
|
|
580
617
|
return new Response(null, {
|
|
@@ -587,15 +624,15 @@ function getRouteHandlers(args) {
|
|
|
587
624
|
headers2.append("Location", returnToPath);
|
|
588
625
|
headers2.append(
|
|
589
626
|
"Set-Cookie",
|
|
590
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite
|
|
627
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
591
628
|
);
|
|
592
629
|
headers2.append(
|
|
593
630
|
"Set-Cookie",
|
|
594
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite
|
|
631
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
595
632
|
);
|
|
596
633
|
headers2.append(
|
|
597
634
|
"Set-Cookie",
|
|
598
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
635
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
599
636
|
);
|
|
600
637
|
headers2.append("Set-Cookie", getCookieForReturnToPathInCallback(returnToPathFromCookie));
|
|
601
638
|
return new Response(null, {
|
|
@@ -617,6 +654,7 @@ function getRouteHandlers(args) {
|
|
|
617
654
|
var _a, _b;
|
|
618
655
|
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
619
656
|
const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
|
|
657
|
+
const sameSite = getSameSiteCookieValue();
|
|
620
658
|
if (oldRefreshToken) {
|
|
621
659
|
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
|
|
622
660
|
if (refreshResponse.error === "unexpected") {
|
|
@@ -625,15 +663,15 @@ function getRouteHandlers(args) {
|
|
|
625
663
|
const headers3 = new Headers();
|
|
626
664
|
headers3.append(
|
|
627
665
|
"Set-Cookie",
|
|
628
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
666
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
629
667
|
);
|
|
630
668
|
headers3.append(
|
|
631
669
|
"Set-Cookie",
|
|
632
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
670
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
633
671
|
);
|
|
634
672
|
headers3.append(
|
|
635
673
|
"Set-Cookie",
|
|
636
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
674
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
637
675
|
);
|
|
638
676
|
return new Response("Unauthorized", { status: 401, headers: headers3 });
|
|
639
677
|
}
|
|
@@ -659,11 +697,11 @@ function getRouteHandlers(args) {
|
|
|
659
697
|
const headers3 = new Headers();
|
|
660
698
|
headers3.append(
|
|
661
699
|
"Set-Cookie",
|
|
662
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite
|
|
700
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
663
701
|
);
|
|
664
702
|
headers3.append(
|
|
665
703
|
"Set-Cookie",
|
|
666
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite
|
|
704
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
667
705
|
);
|
|
668
706
|
headers3.append("Content-Type", "application/json");
|
|
669
707
|
return new Response(JSON.stringify(jsonResponse), {
|
|
@@ -674,15 +712,15 @@ function getRouteHandlers(args) {
|
|
|
674
712
|
const headers3 = new Headers();
|
|
675
713
|
headers3.append(
|
|
676
714
|
"Set-Cookie",
|
|
677
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
715
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
678
716
|
);
|
|
679
717
|
headers3.append(
|
|
680
718
|
"Set-Cookie",
|
|
681
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
719
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
682
720
|
);
|
|
683
721
|
headers3.append(
|
|
684
722
|
"Set-Cookie",
|
|
685
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
723
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
686
724
|
);
|
|
687
725
|
return new Response(null, {
|
|
688
726
|
status: 401,
|
|
@@ -693,9 +731,18 @@ function getRouteHandlers(args) {
|
|
|
693
731
|
}
|
|
694
732
|
}
|
|
695
733
|
const headers2 = new Headers();
|
|
696
|
-
headers2.append(
|
|
697
|
-
|
|
698
|
-
|
|
734
|
+
headers2.append(
|
|
735
|
+
"Set-Cookie",
|
|
736
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
737
|
+
);
|
|
738
|
+
headers2.append(
|
|
739
|
+
"Set-Cookie",
|
|
740
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
741
|
+
);
|
|
742
|
+
headers2.append(
|
|
743
|
+
"Set-Cookie",
|
|
744
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
745
|
+
);
|
|
699
746
|
return new Response(null, { status: 401 });
|
|
700
747
|
});
|
|
701
748
|
}
|
|
@@ -707,21 +754,22 @@ function getRouteHandlers(args) {
|
|
|
707
754
|
console.error("postLoginPathFn returned undefined");
|
|
708
755
|
return new Response("Unexpected error", { status: 500 });
|
|
709
756
|
}
|
|
757
|
+
const sameSite = getSameSiteCookieValue();
|
|
710
758
|
const refreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
711
759
|
if (!refreshToken) {
|
|
712
760
|
const headers2 = new Headers();
|
|
713
761
|
headers2.append("Location", path);
|
|
714
762
|
headers2.append(
|
|
715
763
|
"Set-Cookie",
|
|
716
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
764
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
717
765
|
);
|
|
718
766
|
headers2.append(
|
|
719
767
|
"Set-Cookie",
|
|
720
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
768
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
721
769
|
);
|
|
722
770
|
headers2.append(
|
|
723
771
|
"Set-Cookie",
|
|
724
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
772
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
725
773
|
);
|
|
726
774
|
return new Response(null, {
|
|
727
775
|
status: 302,
|
|
@@ -738,15 +786,15 @@ function getRouteHandlers(args) {
|
|
|
738
786
|
headers2.append("Location", path);
|
|
739
787
|
headers2.append(
|
|
740
788
|
"Set-Cookie",
|
|
741
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
789
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
742
790
|
);
|
|
743
791
|
headers2.append(
|
|
744
792
|
"Set-Cookie",
|
|
745
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
793
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
746
794
|
);
|
|
747
795
|
headers2.append(
|
|
748
796
|
"Set-Cookie",
|
|
749
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
797
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
750
798
|
);
|
|
751
799
|
return new Response(null, {
|
|
752
800
|
status: 302,
|
|
@@ -765,20 +813,21 @@ function getRouteHandlers(args) {
|
|
|
765
813
|
function logoutPostHandler(req) {
|
|
766
814
|
return __async(this, null, function* () {
|
|
767
815
|
var _a;
|
|
816
|
+
const sameSite = getSameSiteCookieValue();
|
|
768
817
|
const refreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
769
818
|
if (!refreshToken) {
|
|
770
819
|
const headers3 = new Headers();
|
|
771
820
|
headers3.append(
|
|
772
821
|
"Set-Cookie",
|
|
773
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
822
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
774
823
|
);
|
|
775
824
|
headers3.append(
|
|
776
825
|
"Set-Cookie",
|
|
777
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
826
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
778
827
|
);
|
|
779
828
|
headers3.append(
|
|
780
829
|
"Set-Cookie",
|
|
781
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
830
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
782
831
|
);
|
|
783
832
|
return new Response(null, { status: 200, headers: headers3 });
|
|
784
833
|
}
|
|
@@ -802,9 +851,18 @@ function getRouteHandlers(args) {
|
|
|
802
851
|
);
|
|
803
852
|
}
|
|
804
853
|
const headers2 = new Headers();
|
|
805
|
-
headers2.append(
|
|
806
|
-
|
|
807
|
-
|
|
854
|
+
headers2.append(
|
|
855
|
+
"Set-Cookie",
|
|
856
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
857
|
+
);
|
|
858
|
+
headers2.append(
|
|
859
|
+
"Set-Cookie",
|
|
860
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
861
|
+
);
|
|
862
|
+
headers2.append(
|
|
863
|
+
"Set-Cookie",
|
|
864
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
865
|
+
);
|
|
808
866
|
return new Response(null, { status: 200, headers: headers2 });
|
|
809
867
|
});
|
|
810
868
|
}
|
|
@@ -813,11 +871,12 @@ function getRouteHandlers(args) {
|
|
|
813
871
|
var _a;
|
|
814
872
|
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
815
873
|
const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
|
|
874
|
+
const sameSite = getSameSiteCookieValue();
|
|
816
875
|
if (!oldRefreshToken) {
|
|
817
876
|
const headers2 = new Headers();
|
|
818
877
|
headers2.append(
|
|
819
878
|
"Set-Cookie",
|
|
820
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
879
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
821
880
|
);
|
|
822
881
|
return new Response(null, { status: 401, headers: headers2 });
|
|
823
882
|
}
|
|
@@ -852,15 +911,15 @@ function getRouteHandlers(args) {
|
|
|
852
911
|
const headers2 = new Headers();
|
|
853
912
|
headers2.append(
|
|
854
913
|
"Set-Cookie",
|
|
855
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite
|
|
914
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
856
915
|
);
|
|
857
916
|
headers2.append(
|
|
858
917
|
"Set-Cookie",
|
|
859
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite
|
|
918
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
860
919
|
);
|
|
861
920
|
headers2.append(
|
|
862
921
|
"Set-Cookie",
|
|
863
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite
|
|
922
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
864
923
|
);
|
|
865
924
|
headers2.append("Content-Type", "application/json");
|
|
866
925
|
return new Response(JSON.stringify(jsonResponse), {
|
|
@@ -934,10 +993,11 @@ function getUrlEncodedRedirectPathForCurrentPath() {
|
|
|
934
993
|
return encodeURIComponent(path);
|
|
935
994
|
}
|
|
936
995
|
function getCookieForReturnToPathInCallback(returnToPathFromCookie) {
|
|
996
|
+
const sameSite = getSameSiteCookieValue();
|
|
937
997
|
if (returnToPathFromCookie) {
|
|
938
|
-
return `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPathFromCookie}; Path=/; HttpOnly; Secure; SameSite
|
|
998
|
+
return `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPathFromCookie}; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=15`;
|
|
939
999
|
} else {
|
|
940
|
-
return `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
1000
|
+
return `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`;
|
|
941
1001
|
}
|
|
942
1002
|
}
|
|
943
1003
|
function getCurrentPath() {
|