From a60fe546ae76e58c13538ba6ba552fa624b0654d Mon Sep 17 00:00:00 2001
From: Cedric van Putten
Date: Thu, 1 Aug 2024 15:37:08 +0200
Subject: [PATCH] fix(website): use proper secured settings for `snack-values` cookie (#598)
---
 website/src/server/utils/getSplitTests.tsx | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/website/src/server/utils/getSplitTests.tsx b/website/src/server/utils/getSplitTests.tsx
index a8d347da..70582ea1 100644
--- a/website/src/server/utils/getSplitTests.tsx
+++ b/website/src/server/utils/getSplitTests.tsx
@@ -47,6 +47,13 @@ export default async (ctx: Context) => {
 ...existingSettings,
 };
- ctx.res.setHeader('Set-Cookie', cookie.serialize(SNACK_COOKIE_NAME, JSON.stringify(newValues)));
+ ctx.res.setHeader(
+ 'Set-Cookie',
+ cookie.serialize(SNACK_COOKIE_NAME, JSON.stringify(newValues), {
+ httpOnly: true,
+ secure: process.env.NODE_ENV === 'production',
+ sameSite: 'strict',
+ })
+ );
 return newValues;
 };
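Review bot: The `secure` flag fails open: `secure: process.env.NODE_ENV === 'production'` leaves the `snack-values` cookie without `Secure` in any deployed environment whose NODE_ENV is unset or not exactly `production` (a staging build, for instance; whether one exists is not visible here). Defaulting to secure and opting out only for local development is safer: `secure: process.env.NODE_ENV !== 'development',`. Separately, `sameSite: 'strict'` means the cookie is not sent on top-level navigations arriving from another site, so if the existing values are read from the request cookie (that code is above the hunk), such a visit would appear to compute fresh split-test values and overwrite the stored ones; `'lax'` would avoid that if a stable assignment matters. The enclosing function starts outside the hunk.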