@propelauth/nextjs 0.1.7 → 0.1.8
Sign up to get free protection for your applications and to get access to all the features.
- package/dist/server/app-router/index.js +98 -40
- package/dist/server/app-router/index.js.map +1 -1
- package/dist/server/app-router/index.mjs +100 -40
- package/dist/server/app-router/index.mjs.map +1 -1
- package/dist/server/index.js.map +1 -1
- package/dist/server/index.mjs.map +1 -1
- package/dist/server/pages/index.js +26 -8
- package/dist/server/pages/index.js.map +1 -1
- package/dist/server/pages/index.mjs +26 -8
- package/dist/server/pages/index.mjs.map +1 -1
- package/package.json +1 -1
|
@@ -1,10 +1,27 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
var __create = Object.create;
|
|
3
3
|
var __defProp = Object.defineProperty;
|
|
4
|
+
var __defProps = Object.defineProperties;
|
|
4
5
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
6
|
+
var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
|
|
5
7
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
8
|
+
var __getOwnPropSymbols = Object.getOwnPropertySymbols;
|
|
6
9
|
var __getProtoOf = Object.getPrototypeOf;
|
|
7
10
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
11
|
+
var __propIsEnum = Object.prototype.propertyIsEnumerable;
|
|
12
|
+
var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
|
|
13
|
+
var __spreadValues = (a, b) => {
|
|
14
|
+
for (var prop in b || (b = {}))
|
|
15
|
+
if (__hasOwnProp.call(b, prop))
|
|
16
|
+
__defNormalProp(a, prop, b[prop]);
|
|
17
|
+
if (__getOwnPropSymbols)
|
|
18
|
+
for (var prop of __getOwnPropSymbols(b)) {
|
|
19
|
+
if (__propIsEnum.call(b, prop))
|
|
20
|
+
__defNormalProp(a, prop, b[prop]);
|
|
21
|
+
}
|
|
22
|
+
return a;
|
|
23
|
+
};
|
|
24
|
+
var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
|
|
8
25
|
var __export = (target, all) => {
|
|
9
26
|
for (var name in all)
|
|
10
27
|
__defProp(target, name, { get: all[name], enumerable: true });
|
|
@@ -317,7 +334,6 @@ var CUSTOM_HEADER_FOR_PATH = "x-propelauth-current-path";
|
|
|
317
334
|
var RETURN_TO_PATH_COOKIE_NAME = "__pa_return_to_path";
|
|
318
335
|
var COOKIE_OPTIONS = {
|
|
319
336
|
httpOnly: true,
|
|
320
|
-
sameSite: "lax",
|
|
321
337
|
secure: true,
|
|
322
338
|
path: "/"
|
|
323
339
|
};
|
|
@@ -352,6 +368,22 @@ function getVerifierKey() {
|
|
|
352
368
|
}
|
|
353
369
|
return verifierKey.replace(/\\n/g, "\n");
|
|
354
370
|
}
|
|
371
|
+
function getSameSiteCookieValue() {
|
|
372
|
+
const sameSiteOverride = process.env.PROPELAUTH_SAME_SITE_COOKIE_OVERRIDE;
|
|
373
|
+
if (sameSiteOverride === "none") {
|
|
374
|
+
return "none";
|
|
375
|
+
} else if (sameSiteOverride === "lax") {
|
|
376
|
+
return "lax";
|
|
377
|
+
} else if (sameSiteOverride === "strict") {
|
|
378
|
+
return "strict";
|
|
379
|
+
} else if (sameSiteOverride) {
|
|
380
|
+
throw new Error(
|
|
381
|
+
'Invalid value for PROPELAUTH_SAME_SITE_COOKIE_OVERRIDE, must be one of "none", "lax", or "strict"'
|
|
382
|
+
);
|
|
383
|
+
} else {
|
|
384
|
+
return "lax";
|
|
385
|
+
}
|
|
386
|
+
}
|
|
355
387
|
function refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId) {
|
|
356
388
|
return __async(this, null, function* () {
|
|
357
389
|
const body = {
|
|
@@ -491,9 +523,10 @@ function authMiddleware(req) {
|
|
|
491
523
|
response2.cookies.delete(REFRESH_TOKEN_COOKIE_NAME);
|
|
492
524
|
return response2;
|
|
493
525
|
} else {
|
|
526
|
+
const sameSite = getSameSiteCookieValue();
|
|
494
527
|
const nextResponse = getNextResponse(req, response.accessToken);
|
|
495
|
-
nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, COOKIE_OPTIONS);
|
|
496
|
-
nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, COOKIE_OPTIONS);
|
|
528
|
+
nextResponse.cookies.set(ACCESS_TOKEN_COOKIE_NAME, response.accessToken, __spreadProps(__spreadValues({}, COOKIE_OPTIONS), { sameSite }));
|
|
529
|
+
nextResponse.cookies.set(REFRESH_TOKEN_COOKIE_NAME, response.refreshToken, __spreadProps(__spreadValues({}, COOKIE_OPTIONS), { sameSite }));
|
|
497
530
|
return nextResponse;
|
|
498
531
|
}
|
|
499
532
|
}
|
|
@@ -524,6 +557,7 @@ function getRouteHandlers(args) {
|
|
|
524
557
|
const returnToPath = req.nextUrl.searchParams.get("return_to_path");
|
|
525
558
|
const state = randomState();
|
|
526
559
|
const redirectUri = getRedirectUri();
|
|
560
|
+
const sameSite = getSameSiteCookieValue();
|
|
527
561
|
const authorizeUrlSearchParams = new URLSearchParams({
|
|
528
562
|
redirect_uri: redirectUri,
|
|
529
563
|
state,
|
|
@@ -532,12 +566,12 @@ function getRouteHandlers(args) {
|
|
|
532
566
|
const authorize_url = getAuthUrlOrigin() + "/propelauth/ssr/authorize?" + authorizeUrlSearchParams.toString();
|
|
533
567
|
const headers2 = new Headers();
|
|
534
568
|
headers2.append("Location", authorize_url);
|
|
535
|
-
headers2.append("Set-Cookie", `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite
|
|
569
|
+
headers2.append("Set-Cookie", `${STATE_COOKIE_NAME}=${state}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`);
|
|
536
570
|
if (returnToPath) {
|
|
537
571
|
if (returnToPath.startsWith("/")) {
|
|
538
572
|
headers2.append(
|
|
539
573
|
"Set-Cookie",
|
|
540
|
-
`${RETURN_TO_PATH_COOKIE_NAME}=${returnToPath}; Path=/; HttpOnly; Secure; SameSite
|
|
574
|
+
`${RETURN_TO_PATH_COOKIE_NAME}=${returnToPath}; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=600`
|
|
541
575
|
);
|
|
542
576
|
} else {
|
|
543
577
|
console.warn("return_to_path must start with /");
|
|
@@ -551,6 +585,7 @@ function getRouteHandlers(args) {
|
|
|
551
585
|
function callbackGetHandler(req) {
|
|
552
586
|
return __async(this, null, function* () {
|
|
553
587
|
var _a, _b, _c;
|
|
588
|
+
const sameSite = getSameSiteCookieValue();
|
|
554
589
|
const oauthState = (_a = req.cookies.get(STATE_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
555
590
|
if (!oauthState || oauthState.length !== 64) {
|
|
556
591
|
return new Response(null, { status: 302, headers: { Location: LOGIN_PATH } });
|
|
@@ -609,15 +644,15 @@ function getRouteHandlers(args) {
|
|
|
609
644
|
headers3.append("Location", returnToPath);
|
|
610
645
|
headers3.append(
|
|
611
646
|
"Set-Cookie",
|
|
612
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite
|
|
647
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${response2.accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
613
648
|
);
|
|
614
649
|
headers3.append(
|
|
615
650
|
"Set-Cookie",
|
|
616
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite
|
|
651
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${response2.refreshToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
617
652
|
);
|
|
618
653
|
headers3.append(
|
|
619
654
|
"Set-Cookie",
|
|
620
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite
|
|
655
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
621
656
|
);
|
|
622
657
|
headers3.append("Set-Cookie", getCookieForReturnToPathInCallback(returnToPathFromCookie));
|
|
623
658
|
return new Response(null, {
|
|
@@ -630,15 +665,15 @@ function getRouteHandlers(args) {
|
|
|
630
665
|
headers2.append("Location", returnToPath);
|
|
631
666
|
headers2.append(
|
|
632
667
|
"Set-Cookie",
|
|
633
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite
|
|
668
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
634
669
|
);
|
|
635
670
|
headers2.append(
|
|
636
671
|
"Set-Cookie",
|
|
637
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite
|
|
672
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${data.refresh_token}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
638
673
|
);
|
|
639
674
|
headers2.append(
|
|
640
675
|
"Set-Cookie",
|
|
641
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
676
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
642
677
|
);
|
|
643
678
|
headers2.append("Set-Cookie", getCookieForReturnToPathInCallback(returnToPathFromCookie));
|
|
644
679
|
return new Response(null, {
|
|
@@ -660,6 +695,7 @@ function getRouteHandlers(args) {
|
|
|
660
695
|
var _a, _b;
|
|
661
696
|
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
662
697
|
const activeOrgId = (_b = req.cookies.get(ACTIVE_ORG_ID_COOKIE_NAME)) == null ? void 0 : _b.value;
|
|
698
|
+
const sameSite = getSameSiteCookieValue();
|
|
663
699
|
if (oldRefreshToken) {
|
|
664
700
|
const refreshResponse = yield refreshTokenWithAccessAndRefreshToken(oldRefreshToken, activeOrgId);
|
|
665
701
|
if (refreshResponse.error === "unexpected") {
|
|
@@ -668,15 +704,15 @@ function getRouteHandlers(args) {
|
|
|
668
704
|
const headers3 = new Headers();
|
|
669
705
|
headers3.append(
|
|
670
706
|
"Set-Cookie",
|
|
671
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
707
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
672
708
|
);
|
|
673
709
|
headers3.append(
|
|
674
710
|
"Set-Cookie",
|
|
675
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
711
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
676
712
|
);
|
|
677
713
|
headers3.append(
|
|
678
714
|
"Set-Cookie",
|
|
679
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
715
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
680
716
|
);
|
|
681
717
|
return new Response("Unauthorized", { status: 401, headers: headers3 });
|
|
682
718
|
}
|
|
@@ -702,11 +738,11 @@ function getRouteHandlers(args) {
|
|
|
702
738
|
const headers3 = new Headers();
|
|
703
739
|
headers3.append(
|
|
704
740
|
"Set-Cookie",
|
|
705
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite
|
|
741
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
706
742
|
);
|
|
707
743
|
headers3.append(
|
|
708
744
|
"Set-Cookie",
|
|
709
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite
|
|
745
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
710
746
|
);
|
|
711
747
|
headers3.append("Content-Type", "application/json");
|
|
712
748
|
return new Response(JSON.stringify(jsonResponse), {
|
|
@@ -717,15 +753,15 @@ function getRouteHandlers(args) {
|
|
|
717
753
|
const headers3 = new Headers();
|
|
718
754
|
headers3.append(
|
|
719
755
|
"Set-Cookie",
|
|
720
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
756
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
721
757
|
);
|
|
722
758
|
headers3.append(
|
|
723
759
|
"Set-Cookie",
|
|
724
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
760
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
725
761
|
);
|
|
726
762
|
headers3.append(
|
|
727
763
|
"Set-Cookie",
|
|
728
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
764
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
729
765
|
);
|
|
730
766
|
return new Response(null, {
|
|
731
767
|
status: 401,
|
|
@@ -736,9 +772,18 @@ function getRouteHandlers(args) {
|
|
|
736
772
|
}
|
|
737
773
|
}
|
|
738
774
|
const headers2 = new Headers();
|
|
739
|
-
headers2.append(
|
|
740
|
-
|
|
741
|
-
|
|
775
|
+
headers2.append(
|
|
776
|
+
"Set-Cookie",
|
|
777
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
778
|
+
);
|
|
779
|
+
headers2.append(
|
|
780
|
+
"Set-Cookie",
|
|
781
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
782
|
+
);
|
|
783
|
+
headers2.append(
|
|
784
|
+
"Set-Cookie",
|
|
785
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
786
|
+
);
|
|
742
787
|
return new Response(null, { status: 401 });
|
|
743
788
|
});
|
|
744
789
|
}
|
|
@@ -750,21 +795,22 @@ function getRouteHandlers(args) {
|
|
|
750
795
|
console.error("postLoginPathFn returned undefined");
|
|
751
796
|
return new Response("Unexpected error", { status: 500 });
|
|
752
797
|
}
|
|
798
|
+
const sameSite = getSameSiteCookieValue();
|
|
753
799
|
const refreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
754
800
|
if (!refreshToken) {
|
|
755
801
|
const headers2 = new Headers();
|
|
756
802
|
headers2.append("Location", path);
|
|
757
803
|
headers2.append(
|
|
758
804
|
"Set-Cookie",
|
|
759
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
805
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
760
806
|
);
|
|
761
807
|
headers2.append(
|
|
762
808
|
"Set-Cookie",
|
|
763
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
809
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
764
810
|
);
|
|
765
811
|
headers2.append(
|
|
766
812
|
"Set-Cookie",
|
|
767
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
813
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
768
814
|
);
|
|
769
815
|
return new Response(null, {
|
|
770
816
|
status: 302,
|
|
@@ -781,15 +827,15 @@ function getRouteHandlers(args) {
|
|
|
781
827
|
headers2.append("Location", path);
|
|
782
828
|
headers2.append(
|
|
783
829
|
"Set-Cookie",
|
|
784
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
830
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
785
831
|
);
|
|
786
832
|
headers2.append(
|
|
787
833
|
"Set-Cookie",
|
|
788
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
834
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
789
835
|
);
|
|
790
836
|
headers2.append(
|
|
791
837
|
"Set-Cookie",
|
|
792
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
838
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
793
839
|
);
|
|
794
840
|
return new Response(null, {
|
|
795
841
|
status: 302,
|
|
@@ -808,20 +854,21 @@ function getRouteHandlers(args) {
|
|
|
808
854
|
function logoutPostHandler(req) {
|
|
809
855
|
return __async(this, null, function* () {
|
|
810
856
|
var _a;
|
|
857
|
+
const sameSite = getSameSiteCookieValue();
|
|
811
858
|
const refreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
812
859
|
if (!refreshToken) {
|
|
813
860
|
const headers3 = new Headers();
|
|
814
861
|
headers3.append(
|
|
815
862
|
"Set-Cookie",
|
|
816
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
863
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
817
864
|
);
|
|
818
865
|
headers3.append(
|
|
819
866
|
"Set-Cookie",
|
|
820
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
867
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
821
868
|
);
|
|
822
869
|
headers3.append(
|
|
823
870
|
"Set-Cookie",
|
|
824
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
871
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
825
872
|
);
|
|
826
873
|
return new Response(null, { status: 200, headers: headers3 });
|
|
827
874
|
}
|
|
@@ -845,9 +892,18 @@ function getRouteHandlers(args) {
|
|
|
845
892
|
);
|
|
846
893
|
}
|
|
847
894
|
const headers2 = new Headers();
|
|
848
|
-
headers2.append(
|
|
849
|
-
|
|
850
|
-
|
|
895
|
+
headers2.append(
|
|
896
|
+
"Set-Cookie",
|
|
897
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
898
|
+
);
|
|
899
|
+
headers2.append(
|
|
900
|
+
"Set-Cookie",
|
|
901
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
902
|
+
);
|
|
903
|
+
headers2.append(
|
|
904
|
+
"Set-Cookie",
|
|
905
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
906
|
+
);
|
|
851
907
|
return new Response(null, { status: 200, headers: headers2 });
|
|
852
908
|
});
|
|
853
909
|
}
|
|
@@ -856,11 +912,12 @@ function getRouteHandlers(args) {
|
|
|
856
912
|
var _a;
|
|
857
913
|
const oldRefreshToken = (_a = req.cookies.get(REFRESH_TOKEN_COOKIE_NAME)) == null ? void 0 : _a.value;
|
|
858
914
|
const activeOrgId = req.nextUrl.searchParams.get("active_org_id");
|
|
915
|
+
const sameSite = getSameSiteCookieValue();
|
|
859
916
|
if (!oldRefreshToken) {
|
|
860
917
|
const headers2 = new Headers();
|
|
861
918
|
headers2.append(
|
|
862
919
|
"Set-Cookie",
|
|
863
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
920
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`
|
|
864
921
|
);
|
|
865
922
|
return new Response(null, { status: 401, headers: headers2 });
|
|
866
923
|
}
|
|
@@ -895,15 +952,15 @@ function getRouteHandlers(args) {
|
|
|
895
952
|
const headers2 = new Headers();
|
|
896
953
|
headers2.append(
|
|
897
954
|
"Set-Cookie",
|
|
898
|
-
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite
|
|
955
|
+
`${ACCESS_TOKEN_COOKIE_NAME}=${accessToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
899
956
|
);
|
|
900
957
|
headers2.append(
|
|
901
958
|
"Set-Cookie",
|
|
902
|
-
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite
|
|
959
|
+
`${REFRESH_TOKEN_COOKIE_NAME}=${refreshToken}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
903
960
|
);
|
|
904
961
|
headers2.append(
|
|
905
962
|
"Set-Cookie",
|
|
906
|
-
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite
|
|
963
|
+
`${ACTIVE_ORG_ID_COOKIE_NAME}=${activeOrgId}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`
|
|
907
964
|
);
|
|
908
965
|
headers2.append("Content-Type", "application/json");
|
|
909
966
|
return new Response(JSON.stringify(jsonResponse), {
|
|
@@ -977,10 +1034,11 @@ function getUrlEncodedRedirectPathForCurrentPath() {
|
|
|
977
1034
|
return encodeURIComponent(path);
|
|
978
1035
|
}
|
|
979
1036
|
function getCookieForReturnToPathInCallback(returnToPathFromCookie) {
|
|
1037
|
+
const sameSite = getSameSiteCookieValue();
|
|
980
1038
|
if (returnToPathFromCookie) {
|
|
981
|
-
return `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPathFromCookie}; Path=/; HttpOnly; Secure; SameSite
|
|
1039
|
+
return `${RETURN_TO_PATH_COOKIE_NAME}=${returnToPathFromCookie}; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=15`;
|
|
982
1040
|
} else {
|
|
983
|
-
return `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite
|
|
1041
|
+
return `${RETURN_TO_PATH_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=${sameSite}; Max-Age=0`;
|
|
984
1042
|
}
|
|
985
1043
|
}
|
|
986
1044
|
function getCurrentPath() {
|