Skip to content

use 'lax' instead of 'Lax' as default for cookie sameSite option when secure is set to 'auto'#271

Merged
gurgunday merged 1 commit into
fastify:masterfrom
gunjam:master
Oct 10, 2024
Merged

use 'lax' instead of 'Lax' as default for cookie sameSite option when secure is set to 'auto'#271
gurgunday merged 1 commit into
fastify:masterfrom
gunjam:master

Conversation

@gunjam

@gunjam gunjam commented Oct 10, 2024

Copy link
Copy Markdown
Contributor

Change to support @fastify/cookie ^11.0.0

When setting the secure option to 'auto' the cookie option of 'Lax' is being set by default for non HTTPS traffic, which is causing the jshttp/cookie module to throw as it now only supports the lowercase option of 'lax'.

Had to update the tests to check for maxAge 0 on expiry which @fastify/cookie is now also having to set due to changes in jshttp/cookie.

Change to support @fastify/cookie ^11.0.0

The downstream jshttp/cookie module now enforces the sameSite option to
be lowercase, which means this default is causing the plugin to throw
when setting the session cookie.

Signed-off-by: Niall Molloy <[email protected]>

@gurgunday gurgunday left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@gurgunday gurgunday merged commit 4ad874e into fastify:master Oct 10, 2024
@github-actions

github-actions Bot commented May 1, 2026

Copy link
Copy Markdown

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions Bot locked as resolved and limited conversation to collaborators May 1, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants