Giters

macchiato-framework / macchiato-core

Ring style HTTP server abstraction for Node.js

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Unable to set Secure flag on the cookies

pratikpai opened this issue · comments

commented

I am trying to set the secure flag on the cookie which doesn't seem to work.

From the below code it looks like when I set the :secure true, it sets the :signed attribute which is not similar to :secure.

(defn- translate-cookie-opts [{:keys [secure max-age expires http-only path domain overwrite?]}]
  (clj->js
    (merge
      (when secure {:signed true})
      (when max-age {:maxAge max-age})
      (when path {:path path})
      (when domain {:domain domain})
      (when expires {:expires expires})
      (when (some? http-only) {:httpOnly http-only})
      (when overwrite? {:overwrite overwrite?}))))

Should that be something like below?

(defn- translate-cookie-opts [{:keys [secure signed max-age expires http-only path domain overwrite?]}]
  (clj->js
    (merge
      (when secure {:secure true})
      (when signed {:signed true})
      (when max-age {:maxAge max-age})
      (when path {:path path})
      (when domain {:domain domain})
      (when expires {:expires expires})
      (when (some? http-only) {:httpOnly http-only})
      (when overwrite? {:overwrite overwrite?}))))

The above code is in the below file:

macchiato-core/src/macchiato/cookies.cljs

Line 38 in bb054b8

(defn- translate-cookie-opts [{:keys [secure max-age expires http-only path domain overwrite?]}]

commented

Thanks for the heads up, and I think you're right. I just pushed out 0.2.19 with the change.