ladjs / supertest

🕷 Super-agent driven library for testing node.js HTTP servers using a fluent API. Maintained for @forwardemail, @ladjs, @spamscanner, @breejs, @cabinjs, and @lassjs.

[fix] Cannot send secure cookie over unencrypted connection

jgcmarins opened this issue · comments

Describe the bug

Node.js version: v18.17.1

OS version: macOS 13.5.2 (22G91)

Description: I am trying to test against a Koa API that sets an HTTP cookie with the secure flag set to true, but when the API does that, I get the error "Cannot send the secure cookie over unencrypted connection".
I know the cookie module throws this error, but the problem is related to the supertest request, which is an HTTP request, not an HTTPS one.

Actual behavior

  • Supertest request does not support secure HTTP request

Expected behavior

  • Supertest request supports HTTP request

Code to reproduce

setCookie function

const DEFAULT_MAX_AGE = 7 * 24 * 60 * 60 * 100;

export const setCookie =
  (koaContext: Context) =>
  (cookieName: string, token: string, maxAge: number = DEFAULT_MAX_AGE) => {
    try {
      const domain = null;
      const secure = config.NODE_ENV !== 'development';
      const sameSite = config.APP_ENV === 'development' ? 'Lax' : 'None';

      const options = {
        httpOnly: true,
        overwrite: true,
        maxAge,
        secure,
        domain,
        signed: false,
        sameSite,
      };

      koaContext.cookies.set(cookieName, token, options);
    } catch (err) {
      console.log('set cookie failed: ', err);
    }
  };

supertest request

const response = await request(app.callback())
    .post('/api')
    .set({
      Accept: 'application/json',
      'Content-Type': 'application/json',
    })
    .send(JSON.stringify(payload));

Checklist

  • I have searched through GitHub issues for similar issues.
  • I have completely read through the README and documentation.
  • I have tested my code with the latest version of Node.js and this package and confirmed it is still not working.
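
Why the request in this report is rejected and what changes the outcome, as an added example that is not part of the original issue and is not code from supertest, Koa or the cookies module: a simplified model of the secure-cookie guard, run against constructed request objects. The names `isSecure`, `buildSetCookie` and `attempt` are hypothetical, and the proxy-trust rule is an assumption modelled on Koa's `app.proxy` setting.

```javascript
// Added example: a simplified model of the secure-cookie guard, not library source.
// Request objects are constructed stand-ins for Node's http.IncomingMessage.

// True when the request is considered to have arrived over TLS. The
// X-Forwarded-Proto header is honoured only if the app trusts its proxy
// (assumed to correspond to Koa's `app.proxy = true`).
function isSecure(req, trustProxy) {
  if (req.socket && req.socket.encrypted) return true;
  if (!trustProxy) return false;
  const header = req.headers['x-forwarded-proto'] || '';
  return header.split(/\s*,\s*/, 1)[0].toLowerCase() === 'https';
}

// Build a Set-Cookie value; refuse a Secure cookie on a plaintext connection.
function buildSetCookie(req, name, value, opts, trustProxy = false) {
  if (opts.secure && !isSecure(req, trustProxy)) {
    throw new Error('Cannot send secure cookie over unencrypted connection');
  }
  const parts = [`${name}=${value}`, 'path=/'];
  if (opts.sameSite) parts.push(`samesite=${opts.sameSite.toLowerCase()}`);
  if (opts.secure) parts.push('secure');
  if (opts.httpOnly) parts.push('httponly');
  return parts.join('; ');
}

// Run one attempt and report either the header or the error message.
function attempt(req, trustProxy) {
  const opts = { httpOnly: true, secure: true, sameSite: 'None' };
  try {
    return { ok: true, header: buildSetCookie(req, 'token', 'abc', opts, trustProxy) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed requests: plain HTTP as a test client sends it, the same with a
// forwarded-proto header, and a request on a TLS socket.
const plain = { socket: {}, headers: {} };
const forwarded = { socket: {}, headers: { 'x-forwarded-proto': 'https' } };
const tls = { socket: { encrypted: true }, headers: {} };

console.log(attempt(plain, false));     // rejected: the case in this report
console.log(attempt(forwarded, false)); // rejected: header ignored without proxy trust
console.log(attempt(forwarded, true));  // accepted: Secure flag kept
console.log(attempt(tls, false));       // accepted
```

In a supertest suite against a Koa app, the corresponding setup would be `app.proxy = true` on the test instance plus `.set('X-Forwarded-Proto', 'https')` on the request, which leaves `secure: true` untouched in the code under test.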