Merge pull request #39 from iress/DP-481

Configure NONCE and CV cookies as `secure` for pkce
iress · Sep 26, 2023 · bf49023 · bf49023
2 parents 35b12be + d9e32aa
commit bf49023
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/authn/pkce.index.js b/authn/pkce.index.js
@@ -328,14 +328,16 @@ function redirect(request, headers, callback) {
           "key": "Set-Cookie",
           "value" : cookie.serialize('NONCE', n[1], {
             path: '/',
-            httpOnly: true
+            httpOnly: true,
+            secure: true
           })
         },
         {
           "key": "Set-Cookie",
           "value" : cookie.serialize('CV', challenge[0], {
             path: '/',
-            httpOnly: true
+            httpOnly: true,
+            secure: true
           })
         }
       ],