fix: make samesite and domain attributes configurable for frontend sdk cookie #1251

Merged
merged 3 commits into from
Feb 5, 2024


lfleischmann
Member

@lfleischmann lfleischmann commented Dec 11, 2023

Description

  • The SameSite attribute is not set for cookies set by the SDK.
  • The cookie will only be sent for requests to the exact same domain but not to subdomains.

Fixes #1245
Fixes #699

Implementation

This PR makes both the SameSite and the Domain attribute configurable in the frontend-sdk via options when instantiating the main client instance and via the elements options when registering components.

How to test

  1. Modify /etc/hosts file, e.g. add
       127.0.0.1 myapp.local
       127.0.0.1 api.myapp.local
  2. Modify frontend/examples/express files:
    • In server.js change corsOptions.origin from localhost to myapp.local:
       const corsOptions = {
         origin: "http://myapp.local:8888",
         // ... (remaining options unchanged)
       };
    • In .env, change HANKO_API_URL to the API URL of a Hanko Cloud instance.
  3. Select one of the example applications, e.g. React. In that case, modify frontend/examples/react files:
    • In .env, change REACT_APP_HANKO_API to the API URL of a Hanko Cloud instance and REACT_APP_TODO_API to http://api.myapp.local:8002.
  4. Set the correct API URL in your Hanko Cloud project, i.e. http://myapp.local:8888.
  5. Run npm run build in the frontend directory.
  6. Run npm run start for both the frontend/examples/express and the frontend/examples/react app.
  7. Modify options passed to register calls in frontend/examples/react (i.e. in HankoAuth/HankoProfile).

Todos/Issues/Questions

  • Should the SameSite attribute even be configurable, or should we just set it to a default?

@lfleischmann lfleischmann marked this pull request as ready for review December 11, 2023 15:37
@lfleischmann lfleischmann merged commit d871ec2 into main Feb 5, 2024
@lfleischmann lfleischmann deleted the fix-frontend-sdk-cookie-samesite-and-domain branch February 5, 2024 17:01
Successfully merging this pull request may close these issues.

  • Hanko cookie does not have SameSite attribute
  • frontend-sdk: cookies set via SDK not valid for subdomains
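
The effect of the two attributes this PR makes configurable, as an added example that is not code from the PR or from the frontend-sdk: it builds a cookie string with explicit SameSite and Domain values and shows why a cookie set without Domain on myapp.local is not sent to api.myapp.local. The function names, the option names (`sameSite`, `domain`, `secure`), the `lax` default and the cookie name `session` are assumptions made for illustration.

```javascript
// Added illustration. Option names and the "lax" default are hypothetical,
// not the frontend-sdk's actual API.
const SAME_SITE = new Set(["strict", "lax", "none"]);

// RFC 6265 section 5.1.3 domain-match: identical, or a dot-separated suffix.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, "");
  return host === domain || host.endsWith("." + domain);
}

// Build the string a script on pageHost would assign to document.cookie.
function buildCookie(name, value, pageHost, opts = {}) {
  const { sameSite = "lax", domain, secure = false } = opts;
  if (!SAME_SITE.has(sameSite)) throw new Error(`invalid SameSite: ${sameSite}`);
  // Current browsers reject SameSite=None cookies that lack Secure.
  if (sameSite === "none" && !secure) throw new Error("SameSite=None requires Secure");
  // A page may only set Domain to its own host or a parent of it
  // (public-suffix checks done by browsers are not modelled here).
  if (domain !== undefined && !domainMatches(pageHost, domain)) {
    throw new Error(`${pageHost} cannot set a cookie for ${domain}`);
  }
  const parts = [`${encodeURIComponent(name)}=${encodeURIComponent(value)}`, "Path=/"];
  if (domain !== undefined) parts.push(`Domain=${domain}`);
  if (secure) parts.push("Secure");
  parts.push(`SameSite=${sameSite[0].toUpperCase()}${sameSite.slice(1)}`);
  return parts.join("; ");
}

// Would a cookie set from pageHost be attached to a request for requestHost?
// Without Domain the cookie is host-only; with Domain it covers subdomains too.
function sentTo(requestHost, pageHost, domain) {
  return domain === undefined
    ? requestHost.toLowerCase() === pageHost.toLowerCase()
    : domainMatches(requestHost, domain);
}

// Constructed sample using the hosts from the test steps above.
console.log(buildCookie("session", "abc", "myapp.local", { domain: "myapp.local" }));
console.log("host-only, sent to api.myapp.local:", sentTo("api.myapp.local", "myapp.local"));
console.log("Domain set, sent to api.myapp.local:", sentTo("api.myapp.local", "myapp.local", "myapp.local"));
```

Setting Domain widens the cookie to every subdomain of that value, so it should be the narrowest parent that covers the hosts that need the cookie.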