From 35682796b8e927ae3c7ae90900ef3c678f833009 Mon Sep 17 00:00:00 2001
From: Xvezda
Date: Thu, 16 May 2024 21:14:39 +0900
Subject: [PATCH] =?UTF-8?q?chore:=20=EC=BF=A0=ED=82=A4=20=EC=A7=80?= =?UTF-8?q?=EC=9A=B0=EA=B8=B0=20=EC=98=B5=EC=85=98=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/api/src/services/auth/v1/route.ts | 33 ++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)
diff --git a/apps/api/src/services/auth/v1/route.ts b/apps/api/src/services/auth/v1/route.ts
index d6ead47..8838c7e 100644
--- a/apps/api/src/services/auth/v1/route.ts
+++ b/apps/api/src/services/auth/v1/route.ts
@@ -119,7 +119,13 @@ const withPrevUrl: MiddlewareHandler<{
 prevUrl = payload['http:cheda.kr/state'].url;
- deleteCookie(c, 'state');
+ deleteCookie(c, 'state', {
+ httpOnly: true,
+ ...c.env.DEV ? {} : {
+ secure: true,
+ domain: '.cheda.kr',
+ },
+ });
 }
 } catch (e) {
 console.error(e);
@@ -173,8 +179,21 @@ const decryptToken = async (context: C, token: stri
 };
 const deleteSessionCookies = (c: Context) => {
- deleteCookie(c, 'session_id');
- deleteCookie(c, 'session_sid');
+ deleteCookie(c, 'session_id', {
+ sameSite: 'None',
+ secure: true,
+ ...c.env.DEV ? {} : {
+ domain: '.cheda.kr',
+ },
+ });
+ deleteCookie(c, 'session_sid', {
+ httpOnly: true,
+ sameSite: 'None',
+ secure: true,
+ ...c.env.DEV ? {} : {
+ domain: '.cheda.kr',
+ },
+ });
 };
 const withSession: MiddlewareHandler<{
@@ -349,7 +368,13 @@ app.get('/callback', async (c) => {
 console.error(e);
 /* noop */
 } finally {
- deleteCookie(c, 'state');
+ deleteCookie(c, 'state', {
+ httpOnly: true,
+ ...c.env.DEV ? {} : {
+ secure: true,
+ domain: '.cheda.kr',
+ },
+ });
 }
 if (!state) {
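Review bot: The option object passed to `deleteCookie(c, 'state', …)` in `withPrevUrl` is repeated verbatim in the `finally` block of the `/callback` handler, and the code that sets the `state` cookie is not part of this diff. A browser only drops a cookie when the deletion carries the same `Domain` and `Path` it was stored with, so any drift between the set and delete sites leaves the OAuth state cookie in place without an error. I would hoist one shared value, e.g. `const stateCookieOptions = (c: Context) => ({ httpOnly: true, ...(c.env.DEV ? {} : { secure: true, domain: '.cheda.kr' }) });`, and pass it to both the set and the delete calls; the parentheses around the conditional also make the spread easier to read. `withPrevUrl` starts and ends outside the hunk.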
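Review bot: `deleteSessionCookies` includes `domain: '.cheda.kr'` only when `c.env.DEV` is falsy, so if that binding ever arrives as a non-empty string (its type is not visible here) production would send a host-only deletion and the `session_id` / `session_sid` cookies scoped to `.cheda.kr` would stay in the browser. Comparing the value explicitly, or keying on a production flag so that the default path includes the domain, fails safer. `secure: true` is also unconditional here while the `state` cookie ties it to `DEV`; a comment such as `// SameSite=None requires Secure, so it is set in dev too` would record whether that difference is intended.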