Merge pull request #234 from sasjs/issue147

fix(security): missing cookie flags are added
sasjs · Jul 19, 2022 · cb84c3e · cb84c3e
2 parents 1b234eb + 526402f
commit cb84c3e
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/api/src/routes/web/web.ts b/api/src/routes/web/web.ts
@@ -1,4 +1,5 @@
 import express from 'express'
+import { cookieOptions } from '../../app'
 import { WebController } from '../../controllers/web'
 import { authenticateAccessToken, desktopRestrict } from '../../middlewares'
 import { authorizeValidation, loginWebValidation } from '../../utils'
@@ -13,7 +14,7 @@ webRouter.get('/', async (req, res) => {
   } catch (_) {
     response = 'Web Build is not present'
   } finally {
-    res.cookie('XSRF-TOKEN', req.csrfToken())
+    res.cookie('XSRF-TOKEN', req.csrfToken(), cookieOptions)
 
     return res.send(response)
   }