fix(website): use proper secured settings for snack-values cookie (#…

…598)
expo · Aug 1, 2024 · a60fe54 · a60fe54
1 parent 6b99393
commit a60fe54
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/website/src/server/utils/getSplitTests.tsx b/website/src/server/utils/getSplitTests.tsx
@@ -47,6 +47,13 @@ export default async (ctx: Context) => {
     ...existingSettings,
   };
 
-  ctx.res.setHeader('Set-Cookie', cookie.serialize(SNACK_COOKIE_NAME, JSON.stringify(newValues)));
+  ctx.res.setHeader(
+    'Set-Cookie',
+    cookie.serialize(SNACK_COOKIE_NAME, JSON.stringify(newValues), {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'strict',
+    })
+  );
   return newValues;
 };