

add support to set sameSite value for session cookie FRONTEGG_COOKIE_SAME_SITE
frontegg-david committed Oct 21, 2024
1 parent c3ff248 commit 1480456
Showing 3 changed files with 27 additions and 1 deletion.
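--- a/packages/nextjs/src/config/constants.ts
+++ b/packages/nextjs/src/config/constants.ts
@@ -76,6 +76,12 @@ export enum EnvVariables {
 */
 FRONTEGG_COOKIE_DOMAIN = 'FRONTEGG_COOKIE_DOMAIN',
 
+/**
+* The stateless cookie same site value for storing the encrypted JWT
+* default is none, you can set it to 'lax' or 'strict' for more security
+*/
+FRONTEGG_COOKIE_SAME_SITE = 'FRONTEGG_COOKIE_SAME_SITE',
+
 /**
 * When `true`, the initial props will not refresh access token if it's valid.
 */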
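Review bot: The doc comment on `FRONTEGG_COOKIE_SAME_SITE` lists only `'lax'`, `'strict'` and the `none` default, but the `cookieSameSite` getter added in `config/index.ts` by this same commit also accepts `'true'` (mapped to `strict`) and `'false'` (mapped to `none`) and silently maps any other value to `none`; an operator who mistypes the value ends up with the weakest setting and no error, so the comment should spell out the accepted values and that fallback. It is also worth saying here that `none` is only valid on a `Secure` cookie (the cookie code applies SameSite only under `options.secure`) and that `strict` can drop the cookie on the top-level redirect back from a hosted login page, though whether that flow is affected cannot be confirmed from this diff. Suggested wording: `* Accepted values: 'lax', 'strict', 'none' (default), plus 'true' (= strict) and 'false' (= none); any other value falls back to 'none'.` followed by `* 'none' requires the cookie to be Secure; 'strict' may break cross-site login redirects — verify against your auth flow.`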
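--- a/packages/nextjs/src/config/index.ts
+++ b/packages/nextjs/src/config/index.ts
@@ -16,6 +16,7 @@ const setupEnvVariables = {
 FRONTEGG_ENCRYPTION_PASSWORD: process.env.FRONTEGG_ENCRYPTION_PASSWORD,
 FRONTEGG_COOKIE_NAME: process.env.FRONTEGG_COOKIE_NAME,
 FRONTEGG_COOKIE_DOMAIN: process.env.FRONTEGG_COOKIE_DOMAIN,
+FRONTEGG_COOKIE_SAME_SITE: process.env.FRONTEGG_COOKIE_SAME_SITE,
 FRONTEGG_JWT_PUBLIC_KEY: process.env.FRONTEGG_JWT_PUBLIC_KEY,
 FRONTEGG_SECURE_JWT_ENABLED: process.env.FRONTEGG_SECURE_JWT_ENABLED,
 DISABLE_INITIAL_PROPS_REFRESH_TOKEN: process.env.DISABLE_INITIAL_PROPS_REFRESH_TOKEN,
@@ -117,6 +118,25 @@ class Config {
 );
 }
 
+get cookieSameSite(): 'lax' | 'strict' | 'none' {
+let sameSite = getEnvOrDefault(
+EnvVariables.FRONTEGG_COOKIE_SAME_SITE,
+setupEnvVariables.FRONTEGG_COOKIE_SAME_SITE ?? 'none'
+);
+switch (sameSite) {
+case 'true':
+return 'strict';
+case 'false':
+return 'none';
+case 'lax':
+case 'strict':
+case 'none':
+return sameSite;
+default:
+return 'none';
+}
+}
+
 get authRoutes(): Partial<AuthPageRoutes> {
 return this.fronteggAppOptions?.authOptions?.routes ?? {};
 }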
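Review bot: The `switch` in the new `cookieSameSite` getter compares the raw environment string case-sensitively, so `Lax`, `STRICT`, or a value with trailing whitespace from a `.env` file hits the `default` branch and is silently turned into `'none'` — the least restrictive setting — which defeats the purpose of an operator who set the variable to harden the cookie. Normalize before matching, `const sameSite = String(getEnvOrDefault(EnvVariables.FRONTEGG_COOKIE_SAME_SITE, setupEnvVariables.FRONTEGG_COOKIE_SAME_SITE ?? 'none')).trim().toLowerCase();`, and make the `default` branch fail loudly, e.g. `throw new Error(\`Invalid ${EnvVariables.FRONTEGG_COOKIE_SAME_SITE}: expected lax, strict or none\`);` (or a warning if this file has a logger, which the hunk does not show), rather than downgrading. `sameSite` is never reassigned, so `let` should be `const` either way, and the `'true'`/`'false'` aliases deserve a short comment since nothing else in the hunk explains them. The enclosing `Config` class starts before and continues after this hunk.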
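--- a/packages/nextjs/src/utils/cookies/index.ts
+++ b/packages/nextjs/src/utils/cookies/index.ts
@@ -67,7 +67,7 @@ class CookieManager {
 if (options.secure) {
 logger.debug(`Set cookie '${cookieName}' as secure`);
 serializeOptions.secure = options.secure;
-serializeOptions.sameSite = 'none';
+serializeOptions.sameSite = config.cookieSameSite;
 }
 
 const serializedCookie = cookieSerializer.serialize(cookieName, cookieValue, serializeOptions);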
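Review bot: The configured SameSite value is applied only inside the `if (options.secure)` branch, so a cookie serialized with `secure` false gets no `SameSite` attribute at all and `FRONTEGG_COOKIE_SAME_SITE` is silently ignored on that path (presumably plain-http local development — the caller that decides `options.secure` is outside the hunk). Tying `'none'` to `Secure` is correct, since browsers reject `SameSite=None` on non-secure cookies, but `'lax'` and `'strict'` have no such requirement and are exactly the values an operator sets to reduce CSRF exposure. Add `} else if (config.cookieSameSite !== 'none') { serializeOptions.sameSite = config.cookieSameSite; }` after the branch, and consider extending the debug line to `logger.debug(\`Set cookie '${cookieName}' as secure, sameSite=${serializeOptions.sameSite}\`);` so the effective value is visible when debugging login issues. The enclosing method begins and ends outside the hunk.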
