From 03efeef50f765ba6a5834023d722167c1c23aa6c Mon Sep 17 00:00:00 2001 From: Simon Coe Date: Tue, 3 Oct 2023 15:15:27 +0000 Subject: [PATCH] fix: stop redirect loop caused by TOKEN cookie not sent --- authn/github.index.js | 6 +++--- authn/openid.index.js | 8 ++++---- authn/pkce.index.js | 8 ++++---- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/authn/github.index.js b/authn/github.index.js index 1686a0a..41be8c1 100644 --- a/authn/github.index.js +++ b/authn/github.index.js @@ -87,7 +87,7 @@ function mainProcess(event, context, callback) { } // Options ), { - sameSite: 'strict', + sameSite: 'lax', secure: true } ) @@ -164,7 +164,7 @@ function redirect(request, headers, callback) { "value" : cookie.serialize('TOKEN', '', { path: '/', expires: new Date(1970, 1, 1, 0, 0, 0, 0), - sameSite: 'strict', + sameSite: 'lax', secure: true }) }], @@ -188,7 +188,7 @@ function unauthorized(body, callback) { "value" : cookie.serialize('TOKEN', '', { path: '/', expires: new Date(1970, 1, 1, 0, 0, 0, 0), - sameSite: 'strict', + sameSite: 'lax', secure: true }) }], diff --git a/authn/openid.index.js b/authn/openid.index.js index 5190860..739dee7 100644 --- a/authn/openid.index.js +++ b/authn/openid.index.js @@ -188,7 +188,7 @@ function mainProcess(event, context, callback) { ), { path: '/', maxAge: config.SESSION_DURATION, - sameSite: 'strict', + sameSite: 'lax', secure: true }) }, @@ -243,7 +243,7 @@ function mainProcess(event, context, callback) { "value" : cookie.serialize('TOKEN', '', { path: '/', expires: new Date(1970, 1, 1, 0, 0, 0, 0), - sameSite: 'strict', + sameSite: 'lax', secure: true }) }, @@ -327,7 +327,7 @@ function redirect(request, headers, callback) { "value" : cookie.serialize('TOKEN', '', { path: '/', expires: new Date(1970, 1, 1, 0, 0, 0, 0), - sameSite: 'strict', + sameSite: 'lax', secure: true }) }, 
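Review bot: The options object for the issued TOKEN cookie in the `mainProcess` hunk of authn/github.index.js holds only `sameSite` and `secure`, so unless client code is meant to read the token, the JWT is needlessly exposed to page script. authn/pkce.index.js already passes `httpOnly: true` for the same cookie; adding `httpOnly: true,` beside `secure: true` here would match it, and the `mainProcess` hunk at -188 in authn/openid.index.js has the same gap. This object also sets no `path` or `maxAge`, unlike the other two handlers, so scope and lifetime presumably fall back to browser defaults; it is worth confirming that the clearing cookies written with `path: '/'` still match it. The enclosing function starts and ends outside the hunk.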
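Review bot: The cookie that expires TOKEN in the `redirect` hunk of authn/github.index.js is written out in full here, again in `unauthorized`, and in the six clearing hunks of authn/openid.index.js and authn/pkce.index.js, which is why this one-word change had to be made eight times. Building it once per file, e.g. `const EXPIRED_TOKEN_COOKIE = cookie.serialize('TOKEN', '', { path: '/', expires: new Date(1970, 1, 1, 0, 0, 0, 0), sameSite: 'lax', secure: true });`, would stop the attributes drifting apart the next time one of them is tightened. The token-setting cookies in the three handlers already differ from one another, so the drift is not hypothetical. The function body continues outside the hunk.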
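Review bot: Nothing at `sameSite: 'lax'` in the `mainProcess` hunk of authn/openid.index.js records why the session cookie is no longer `strict`, so a later hardening pass could flip it back and reintroduce the redirect loop. Going by the commit subject, a comment such as `// 'lax' so TOKEN is sent on the navigation back from the identity provider; 'strict' withheld it and caused a redirect loop` would be enough. With `lax` the cookie also accompanies top-level GET navigations started from other sites, so origins behind this handler should not change state on GET; that assumption is worth stating alongside the comment. The same applies to the token cookies in authn/github.index.js and authn/pkce.index.js.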
@@ -381,7 +381,7 @@ function unauthorized(error, error_description, error_uri, callback) {
 "value" : cookie.serialize('TOKEN', '', {
 path: '/',
 expires: new Date(1970, 1, 1, 0, 0, 0, 0),
- sameSite: 'strict',
+ sameSite: 'lax',
 secure: true
 })
 },
diff --git a/authn/pkce.index.js b/authn/pkce.index.js
index 5b57717..5b777b9 100755
--- a/authn/pkce.index.js
+++ b/authn/pkce.index.js
@@ -187,7 +187,7 @@ function mainProcess(event, context, callback) {
 path: '/',
 httpOnly: true,
 secure: true,
- sameSite: 'strict',
+ sameSite: 'lax',
 maxAge: parseInt(config.SESSION_DURATION)
 })
 },
@@ -242,7 +242,7 @@ function mainProcess(event, context, callback) {
 "value" : cookie.serialize('TOKEN', '', {
 path: '/',
 expires: new Date(1970, 1, 1, 0, 0, 0, 0),
- sameSite: 'strict',
+ sameSite: 'lax',
 secure: true
 })
 },
@@ -341,7 +341,7 @@ function redirect(request, headers, callback) {
 "value" : cookie.serialize('TOKEN', '', {
 path: '/',
 expires: new Date(1970, 1, 1, 0, 0, 0, 0),
- sameSite: 'strict',
+ sameSite: 'lax',
 secure: true
 })
 },
@@ -405,7 +405,7 @@ function unauthorized(error, error_description, error_uri, callback) {
 "value" : cookie.serialize('TOKEN', '', {
 path: '/',
 expires: new Date(1970, 1, 1, 0, 0, 0, 0),
- sameSite: 'strict',
+ sameSite: 'lax',
 secure: true
 })
 },