fix(cookies): avoid specifying sameSite for local dev

nfroidure · Oct 18, 2020 · 2e4aa8d · 2e4aa8d
1 parent 2c8c54a
commit 2e4aa8d
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/packages/whook-oauth2/src/services/authCookies.ts b/packages/whook-oauth2/src/services/authCookies.ts
@@ -48,15 +48,15 @@ async function initAuthCookies({
         httpOnly: true,
         domain: ENV.DEV_MODE ? undefined : COOKIES.domain,
         secure: !ENV.DEV_MODE,
-        sameSite: ENV.DEV_MODE ? 'none' : true,
+        ...(ENV.DEV_MODE ? {} : { sameSite: true }),
         ...(data.access_token ? {} : { maxAge: 0 }),
       }),
       cookie.serialize('refresh_token', data.refresh_token || '', {
         path: BASE_PATH + AUTH_API_PREFIX,
         httpOnly: true,
         domain: ENV.DEV_MODE ? undefined : COOKIES.domain,
         secure: !ENV.DEV_MODE,
-        sameSite: ENV.DEV_MODE ? 'none' : true,
+        ...(ENV.DEV_MODE ? {} : { sameSite: true }),
         ...(session ? {} : { maxAge: Math.round(ms('100y') / 1000) }),
       }),
     ];