NONCE and CV cookies as secure for pkce

iress · Sep 22, 2023 · d9e32aa · d9e32aa
1 parent f4c0e44
commit d9e32aa
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/authn/pkce.index.js b/authn/pkce.index.js
@@ -328,14 +328,16 @@ function redirect(request, headers, callback) {
           "key": "Set-Cookie",
           "value" : cookie.serialize('NONCE', n[1], {
             path: '/',
-            httpOnly: true
+            httpOnly: true,
+            secure: true
           })
         },
         {
           "key": "Set-Cookie",
           "value" : cookie.serialize('CV', challenge[0], {
             path: '/',
-            httpOnly: true
+            httpOnly: true,
+            secure: true
           })
         }
       ],