auth-js

`secure` as a `CookieOption`

Open Perfecto-always opened this issue 3 years ago • 3 comments

Feature request

Is your feature request related to a problem? Please describe.

I want to have my sameSite attribute set to none, but this is not happening because CookiesOption & GoTrueClient Api don't have an option to set the secure attribute.

Describe the solution you'd like

An option to set secure attribute

Idk if it's already implemented or there is even a workaround; if there is any, please share. Thanks for help in advance 🙏

Perfecto-always avatar Apr 12 '22 12:04 Perfecto-always

Hey @Perfecto-always

Thanks for reporting this issue! This sounds like a better fit on the Gotrue-js issues board. Going to transfer this issue over so it gets more attention

J0 avatar May 06 '22 09:05 J0

This will be very helpful in passing cookies to the server after the oAuth callback.

Currently, sameSite is blank. With recent changes, browsers treat this as lax and hence are not sending it to a cross-domain server.

As of now, sameSite can be none only if it is secure.

Without this feature, an extra trip is required from the client side to send the cookies to the server.

bhvngt avatar Jun 25 '22 03:06 bhvngt
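The SameSite behaviour described in the comment above, as an added example that is not part of the original thread or the project's code: it classifies a `Set-Cookie` header the way a Chromium-style browser would (missing SameSite treated as Lax, SameSite=None rejected without Secure) and includes a server-side guard for the same rule. The function names and the sample cookie value are assumptions made for illustration.

```javascript
// Added example: function names are hypothetical, header strings are constructed samples.

// Parse "name=value; Attr; Attr=val" into a name, value and lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attributes = {};
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes };
}

// Returns the SameSite mode the browser enforces, or 'rejected' when
// SameSite=None is present without Secure (the cookie is not stored).
function effectiveSameSite(header) {
  const { attributes } = parseSetCookie(header);
  const raw = typeof attributes.samesite === 'string' ? attributes.samesite.toLowerCase() : '';
  const secure = 'secure' in attributes;
  if (raw === 'none') return secure ? 'none' : 'rejected';
  if (raw === 'strict') return 'strict';
  return 'lax'; // missing or unrecognised value falls back to the Lax default
}

// Only SameSite=None cookies are attached to cross-site fetch/XHR requests.
function sentOnCrossSiteRequest(header) {
  return effectiveSameSite(header) === 'none';
}

// Server-side guard: build the header and refuse the invalid combination early.
function buildSetCookie(name, value, { sameSite, secure = false, httpOnly = true, path = '/' } = {}) {
  if (sameSite && sameSite.toLowerCase() === 'none' && !secure) {
    throw new Error('SameSite=None requires Secure');
  }
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${path}`];
  if (httpOnly) parts.push('HttpOnly');
  if (secure) parts.push('Secure');
  if (sameSite) parts.push(`SameSite=${sameSite}`);
  return parts.join('; ');
}
```
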

While peeking into the code, I realise that the cookie setting for oauth callback is done at gotrue repo.

Hence, the oAuth issue that I had raised belongs to the gotrue repo. Will file a separate ticket there.

bhvngt avatar Jun 25 '22 05:06 bhvngt

We no longer recommend the use of sb-access-token and sb-refresh-token cookies. Please read our latest server side rendering document to understand best practices for accessing access and refresh tokens on the server.

hf avatar Dec 30 '22 17:12 hf