Feat(authentication.rs): Add Secure and No SameSite to Authentication…

… Cookies
WillKirkmanM · Oct 14, 2024 · 0d131ba · 0d131ba
1 parent fa8f6a5
commit 0d131ba
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/crates/backend/src/routes/authentication.rs b/crates/backend/src/routes/authentication.rs
@@ -116,7 +116,8 @@ pub async fn login(form: web::Json<AuthData>) -> impl Responder {
                 if let Err(_) = response.add_cookie(
                     &Cookie::build("plm_refreshToken", generated_refresh_token)
                         .http_only(true)
-                        .same_site(SameSite::Lax)
+                        .same_site(SameSite::None)
+                        .secure(true)
                         .path("/")
                         .finish(),
                 ) {
@@ -127,10 +128,11 @@ pub async fn login(form: web::Json<AuthData>) -> impl Responder {
                         message: Some(String::from("Failed to set refresh token cookie")),
                     });
                 }
-
+                
                 if let Err(_) = response.add_cookie(
                     &Cookie::build("plm_accessToken", generated_access_token)
-                        .same_site(SameSite::Lax)
+                        .same_site(SameSite::None)
+                        .secure(true)
                         .path("/")
                         .finish(),
                 ) {