From 3bcfcddcb98332bcff55ead563b33827625e32a6 Mon Sep 17 00:00:00 2001
From: Omar Barbosa <omar.barbosa@evertecinc.com>
Date: Sun, 29 Dec 2024 12:55:18 -0500
Subject: [PATCH] fix: pass host in right way to cookie

---
 src/App.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/App.php b/src/App.php
index beae214..6510e7d 100644
--- a/src/App.php
+++ b/src/App.php
@@ -72,10 +72,9 @@ public function run(): void
 
         $this->setRouter();
 
-        $uri = Uri::new(Config::get('app.url'));
         $port = (int) Config::get('app.port');
 
-        $this->server->expose(new Socket\InternetAddress($uri->getHost(), $port));
+        $this->server->expose(new Socket\InternetAddress($this->getHost(), $port));
 
         $this->server->start($this->router, $this->errorHandler);
 
@@ -146,9 +145,10 @@ private function setRouter(): void
         $globalMiddlewares = array_map(fn (string $middleware) => new $middleware(), $middlewares['global']);
 
         $cookieAttributes = CookieAttributes::default()
-            ->withDomain($this->getAppDomain())
+            ->withDomain($this->getHost())
             ->withExpiry(Date::now()->addMinutes(30)->toDateTime())
-            ->withSameSite(CookieAttributes::SAMESITE_LAX);
+            ->withSameSite(CookieAttributes::SAMESITE_LAX)
+            ->withHttpOnly();
 
         // app.ssl or app.secure or app_server_cert
         if (Config::get('session.secure', false)) {
@@ -162,9 +162,10 @@ private function setRouter(): void
         $this->router = Middleware\stackMiddleware($router, ...$globalMiddlewares);
     }
 
-    private function getAppDomain(): string
+    private function getHost(): string
     {
-        // Scheme: http or https
-        return Config::get('app.url') . ':' . Config::get('app.port');
+        $uri = Uri::new(Config::get('app.url'));
+
+        return $uri->getHost();
     }
 }