Revert "Add secure attribute to cookies if served over HTTPS (#472)"

This reverts commit e229241.
auth0 · Aug 10, 2020 · 2d888d6 · 2d888d6
1 parent 3c70599
commit 2d888d6
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 28 deletions.
diff --git a/__tests__/storage.test.ts b/__tests__/storage.test.ts
@@ -18,25 +18,6 @@ describe('storage', () => {
       }
     );
   });
-  it('saves object with secure flag and samesite=none when on https', () => {
-    const key = 'key';
-    const value = { some: 'value' };
-    const options = { daysUntilExpire: 1 };
-    const originalLocation = window.location;
-    delete window.location;
-    window.location = { ...originalLocation, protocol: 'https:' };
-    storage.save(key, value, options);
-    expect(require('es-cookie').set).toHaveBeenCalledWith(
-      key,
-      JSON.stringify(value),
-      {
-        expires: options.daysUntilExpire,
-        secure: true,
-        sameSite: 'none'
-      }
-    );
-    window.location = originalLocation;
-  });
   it('returns undefined when there is no object', () => {
     const Cookie = require('es-cookie');
     const key = 'key';

diff --git a/src/storage.ts b/src/storage.ts
@@ -18,15 +18,9 @@ export const save = (
   value: any,
   options: ClientStorageOptions
 ) => {
-  let cookieAttributes: Cookies.CookieAttributes = {};
-  if ('https:' === window.location.protocol) {
-    cookieAttributes = {
-      secure: true,
-      sameSite: 'none'
-    };
-  }
-  cookieAttributes.expires = options.daysUntilExpire;
-  Cookies.set(key, JSON.stringify(value), cookieAttributes);
+  Cookies.set(key, JSON.stringify(value), {
+    expires: options.daysUntilExpire
+  });
 };
 export const remove = (key: string) => {
   Cookies.remove(key);