-
-
Notifications
You must be signed in to change notification settings - Fork 127
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weβll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add support for secure attribute of local/refresh provider cookies #729
Conversation
Hi @matteioo, thank you for your contribution. I have done both functional and code review, it all looks good to me! |
Thank you very much. I'm very happy to hear that, as this is my first open source contribution to a public repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My formatting was based on the _rawTokenCookie
in the refresh provider:
If you want, I can change the formatting of the _rawTokenCookie
so that it matches this updated version.
π Linked issue
#728
β Type of change
π Description
This PR adds the possibility to optionally set the secure attribute of the local/refresh-provider cookies to true. Thus guaranteeing, that the cookie is only sent over HTTPS. I've already updated the docs to take the changes into consideration.
As this is my first contribution to a public repo like this one, I am glad for any feedback and sorry in advance if I categorized this PR and issue wrongly or forgot to add something necessary.
PS: I've also moved a command which was wrongly on a line below (explanation of the duration in minutes regarding the
maxAgeInSeconds
field).π Checklist