diff --git a/docs/content/2.configuration/2.nuxt-config.md b/docs/content/2.configuration/2.nuxt-config.md
index 053be117..a618654b 100644
--- a/docs/content/2.configuration/2.nuxt-config.md
+++ b/docs/content/2.configuration/2.nuxt-config.md
@@ -240,12 +240,20 @@ type ProviderLocal = {
 */
 sameSiteAttribute?: boolean | 'lax' | 'strict' | 'none' | undefined,
 /**
- * The cookie domain. See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
+ * Whether to set the secure flag on the cookie. This is useful when the application is served over HTTPS.
+ *
+ * @default false
+ * @example true
+ */
+ secureCookieAttribute?: boolean,
+ /**
+ * The cookie domain.
+ * See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
 *
 * @default ''
- * @example sidebase.io
+ * @example 'sidebase.io'
 */
- cookieDomain?: string;
+ cookieDomain?: string,
 },
 /*
 * Settings for the session-data that `nuxt-auth` receives from the `getSession` endpoint.
@@ -401,12 +409,20 @@ type ProviderRefresh = {
 */
 sameSiteAttribute?: boolean | 'lax' | 'strict' | 'none' | undefined,
 /**
- * The cookie domain. See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
+ * Whether to set the secure flag on the cookie. This is useful when the application is served over HTTPS.
+ *
+ * @default false
+ * @example true
+ */
+ secureCookieAttribute?: boolean,
+ /**
+ * The cookie domain.
+ * See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
 *
 * @default ''
- * @example sidebase.io
+ * @example 'sidebase.io'
 */
- cookieDomain?: string;
+ cookieDomain?: string,
 },
 /**
 * Settings for the authentication-refreshToken that `nuxt-auth` receives from the `signIn` endpoint and that can be used to authenticate subsequent requests.
diff --git a/src/module.ts b/src/module.ts
index 1dae5ed8..dd7a2ccc 100644
--- a/src/module.ts
+++ b/src/module.ts
@@ -56,8 +56,9 @@ const defaultsByBackend: {
 type: 'Bearer',
 cookieName: 'auth.token',
 headerName: 'Authorization',
- maxAgeInSeconds: 30 * 60,
+ maxAgeInSeconds: 30 * 60, // 30 minutes
 sameSiteAttribute: 'lax',
+ secureCookieAttribute: false,
 cookieDomain: ''
 },
 session: {
@@ -86,6 +87,7 @@ const defaultsByBackend: {
 headerName: 'Authorization',
 maxAgeInSeconds: 5 * 60, // 5 minutes
 sameSiteAttribute: 'none',
+ secureCookieAttribute: false,
 cookieDomain: ''
 },
 refreshToken: {
@@ -93,6 +95,7 @@ const defaultsByBackend: {
 refreshRequestTokenPointer: '/refreshToken',
 cookieName: 'auth.refresh-token',
 maxAgeInSeconds: 60 * 60 * 24 * 7, // 7 days
+ secureCookieAttribute: false,
 cookieDomain: ''
 },
 session: {
diff --git a/src/runtime/composables/local/useAuthState.ts b/src/runtime/composables/local/useAuthState.ts
index 50c11d13..7047df88 100644
--- a/src/runtime/composables/local/useAuthState.ts
+++ b/src/runtime/composables/local/useAuthState.ts
@@ -29,7 +29,8 @@ export const useAuthState = (): UseAuthStateReturn => {
 default: () => null,
 domain: config.token.cookieDomain,
 maxAge: config.token.maxAgeInSeconds,
- sameSite: config.token.sameSiteAttribute
+ sameSite: config.token.sameSiteAttribute,
+ secure: config.token.secureCookieAttribute
 })
 const rawToken = useState('auth:raw-token', () => _rawTokenCookie.value)
diff --git a/src/runtime/composables/refresh/useAuthState.ts b/src/runtime/composables/refresh/useAuthState.ts
index e5454b89..9edf4e18 100644
--- a/src/runtime/composables/refresh/useAuthState.ts
+++ b/src/runtime/composables/refresh/useAuthState.ts
@@ -19,7 +19,8 @@ export const useAuthState = (): UseAuthStateReturn => {
 default: () => null,
 domain: config.refreshToken.cookieDomain,
 maxAge: config.refreshToken.maxAgeInSeconds,
- sameSite: 'lax'
+ sameSite: 'lax',
+ secure: config.refreshToken.secureCookieAttribute
 }
 )
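Review bot: `secureCookieAttribute: false` as the shipped default for the local provider's token cookie means the bearer token is sent over plaintext HTTP unless every deployment remembers to opt in, and the `useCookie` options in the composable hunks set no `httpOnly` (the token is read back into `rawToken` client-side), so `Secure` is the only transport-level protection this cookie can get. A safer default is `secureCookieAttribute: true`; Chromium and Firefox accept Secure cookies on http://localhost, so local development should keep working and only deliberate plain-HTTP deployments need the opt-out. If the project wants to keep `false`, the line should at least carry the reason, e.g. `secureCookieAttribute: false, // token is sent over plain HTTP unless set to true; set true in production`. `defaultsByBackend` starts and ends outside the hunk.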
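Review bot: The refresh provider's token cookie now ships with `sameSiteAttribute: 'none'` and `secureCookieAttribute: false` side by side, and a cookie with `SameSite=None` but no `Secure` attribute is rejected by Chromium-based browsers (other major browsers have followed), so with these defaults the token cookie silently fails to be stored there. For this entry the default should be `secureCookieAttribute: true`, since `'none'` is not usable without it; alternatively the defaults could be validated at module setup so the pair is rejected with a clear error rather than producing a cookie the browser drops. `defaultsByBackend` continues outside the hunk.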
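Review bot: The new `secure` option is passed to `useCookie` verbatim while `sameSite` is also user-configurable, so nothing stops `sameSiteAttribute: 'none'` with `secureCookieAttribute: false` reaching the browser, which rejects a `SameSite=None` cookie lacking `Secure` and leaves `rawToken` empty with no error. Guard it where the cookie is created: `secure: config.token.secureCookieAttribute || config.token.sameSiteAttribute === 'none', // browsers drop SameSite=None without Secure`. The `useCookie` call opens above the hunk, so check there that no `httpOnly` is set either; if not, `Secure` is the only transport protection this token has. `useAuthState` continues past the hunk.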
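Review bot: This cookie carries the refresh token, whose default `maxAgeInSeconds` in `module.ts` is 7 days, so it is the most valuable credential the module stores, yet `secure` is now wired to a flag that defaults to `false` while `sameSite` stays hard-coded to `'lax'`. Because Lax is fixed here the SameSite=None rejection does not apply, but over plain HTTP the long-lived token is still sent in clear; I would default the flag to `true` for this cookie specifically, or at minimum annotate the line, e.g. `secure: config.refreshToken.secureCookieAttribute, // 7-day credential: must be true on any HTTPS deployment`. The hard-coded `'lax'` also deserves a one-line comment, since `sameSiteAttribute` is configurable for the access token but apparently not for the refresh token. Both `useAuthState` and the `useCookie` call extend outside the hunk.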
diff --git a/src/runtime/types.ts b/src/runtime/types.ts
index f18d187c..0375c2c7 100644
--- a/src/runtime/types.ts
+++ b/src/runtime/types.ts
@@ -168,10 +168,18 @@ export type ProviderLocal = {
 */
 sameSiteAttribute?: boolean | 'lax' | 'strict' | 'none' | undefined;
 /**
- * The cookie domain. See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
+ * Whether to set the secure flag on the cookie. This is useful when the application is served over HTTPS.
+ *
+ * @default false
+ * @example true
+ */
+ secureCookieAttribute?: boolean;
+ /**
+ * The cookie domain.
+ * See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
 *
 * @default ''
- * @example sidebase.io
+ * @example 'sidebase.io'
 */
 cookieDomain?: string;
 };
@@ -270,10 +278,18 @@ export type ProviderLocalRefresh = Omit & {
 */
 maxAgeInSeconds?: number;
 /**
- * The cookie domain. See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
+ * Whether to set the secure flag on the cookie. This is useful when the application is served over HTTPS.
+ *
+ * @default false
+ * @example true
+ */
+ secureCookieAttribute?: boolean;
+ /**
+ * The cookie domain.
+ * See the specification here: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.3
 *
 * @default ''
- * @example sidebase.io
+ * @example 'sidebase.io'
 */
 cookieDomain?: string;
 };
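Review bot: The new doc comment on `secureCookieAttribute` undersells the flag: "This is useful when the application is served over HTTPS" reads as optional polish, whereas leaving it `false` means the token cookie is also sent over plain HTTP, and the `'none'` value permitted by `sameSiteAttribute` just above requires `Secure` or browsers drop the cookie. Suggest rewording to: `Whether to set the Secure flag on the cookie so browsers only send it over HTTPS. Must be true when sameSiteAttribute is 'none' (browsers reject SameSite=None without Secure); leave false only for plain-HTTP development setups.` The `@default false` matches `defaultsByBackend` in module.ts, so keep the two in sync if that default is changed. `ProviderLocal` extends beyond the hunk.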
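Review bot: The same doc gap applies to the `refreshToken` variant, and here it matters more because this cookie holds the refresh token whose default `maxAgeInSeconds` is 7 days in module.ts; the comment should say the flag decides whether that long-lived credential may travel over plain HTTP, e.g. `Whether to set the Secure flag on the refresh-token cookie. The refresh token is long-lived, so this should be true for any deployment served over HTTPS.` This type has no `sameSiteAttribute` member, which matches the composable hard-coding `'lax'`, so the SameSite=None caveat need not be repeated here. `ProviderLocalRefresh` continues outside the hunk.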