Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(adapter-nextjs): set cookie secure: false with non-SSL domain #13841

Open
wants to merge 1 commit into
base: hui/fix/adapter-nextjs/5-handler-type-def
Choose a base branch
from

Conversation

HuiSF
Copy link
Member

@HuiSF HuiSF commented Sep 23, 2024

Description of changes

  1. Set secure: false with non-SSL domains
  2. Add validation of the origin string

Issue #, if available

Description of how you validated changes

  • Unit tests

Checklist

  • PR description included
  • yarn test passes
  • Unit Tests are changed or added
  • Relevant documentation is changed or added (and PR referenced)

Checklist for repo maintainers

  • Verify E2E tests for existing workflows are working as expected or add E2E tests for newly added workflows
  • New source file paths included in this PR have been added to CODEOWNERS, if appropriate

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@HuiSF HuiSF force-pushed the hui/fix/adapter-nextjs/5-handler-type-def branch from 7a35370 to 0779333 Compare October 1, 2024 23:03
@HuiSF HuiSF requested a review from a team as a code owner October 1, 2024 23:03
@HuiSF HuiSF force-pushed the hui/feat/adapter-nextjs/6-secure-for-non-ssl branch from 6edd287 to 72693a6 Compare October 1, 2024 23:04

// a regular expression that validates the origin string to be any valid origin, and allowing local development localhost
const originRegex =
/^(http:\/\/localhost(:\d{1,5})?)|(https?:\/\/[a-z0-9-]+(\.[a-z0-9-]+)*(:\d{1,5})?)$/;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this regex sourced from any spec? If so, it'd be better to attach the source.

@HuiSF HuiSF force-pushed the hui/fix/adapter-nextjs/5-handler-type-def branch from 0779333 to ccca0a9 Compare November 21, 2024 17:07
@HuiSF HuiSF force-pushed the hui/feat/adapter-nextjs/6-secure-for-non-ssl branch from 72693a6 to 9c80fa4 Compare November 21, 2024 17:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants