LukeParke/website
1
0
Fork 0
mirror of https://github.com/LukeHagar/website.git synced 2025-12-10 12:57:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update OAuth docs

Browse Source 
The cookie should be ``lax`` in order to be send to the redirect target as the sign in OAuth flow is cross site.
Keep in mind that with a lax session cookie you should make some checks when receiving requests to sensitive endpoints. Easy way, save a strict cookie with the same session and check they are the same in a middleware for your sensitive routes.
This commit is contained in:
Gonzalo
2024-06-03 18:22:56 +02:00
committed by GitHub
parent f3b90ec07f
commit ff6e7f99ca
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/routes/docs/tutorials/astro-ssr-auth/step-7/+page.markdoc
View File

@@ -68,7 +68,7 @@ export const GET = async ({ redirect, cookies, url }) => {
// Set the session cookie // Set the session cookie
cookies.set(SESSION_COOKIE, session.secret, { cookies.set(SESSION_COOKIE, session.secret, {
sameSite: "strict", sameSite: "lax",
expires: new Date(session.expire), expires: new Date(session.expire),
secure: true, secure: true,
httpOnly: true, httpOnly: true,