From 39f6cdfdbd844aa432bfbe209c3d891615f5f7df Mon Sep 17 00:00:00 2001 From: Marco Pedone Date: Mon, 25 Aug 2025 12:33:29 +0200 Subject: [PATCH] fix: change SameSite cookie attribute from 'strict' to 'lax' for better compatibility --- apps/infoalloggi/src/middlewares/auth_middleware.ts | 2 +- apps/infoalloggi/src/server/controllers/auth.controller.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/infoalloggi/src/middlewares/auth_middleware.ts b/apps/infoalloggi/src/middlewares/auth_middleware.ts index d69446a..f284ee7 100644 --- a/apps/infoalloggi/src/middlewares/auth_middleware.ts +++ b/apps/infoalloggi/src/middlewares/auth_middleware.ts @@ -140,7 +140,7 @@ const refreshAuthToken = async ( response.cookies.set(ACCESS_TOKEN_COOKIE_NAME, newAccessToken, { httpOnly: true, secure: env.NODE_ENV === "production", - sameSite: "strict", + sameSite: "lax", path: "/", expires: add(new Date(), { hours: 1 }), }); diff --git a/apps/infoalloggi/src/server/controllers/auth.controller.ts b/apps/infoalloggi/src/server/controllers/auth.controller.ts index ad39a29..d6aed69 100644 --- a/apps/infoalloggi/src/server/controllers/auth.controller.ts +++ b/apps/infoalloggi/src/server/controllers/auth.controller.ts @@ -29,7 +29,7 @@ import { const cookieOptions: OptionsType = { httpOnly: true, secure: env.NODE_ENV === "production", - sameSite: "strict", + sameSite: "lax", path: "/", };