security: add Secure attribute to cookies
Eliezer Steinbock committed Jan 6, 2026
1 parent fa40fa2 commit 491bd61
Showing 5 changed files with 12 additions and 12 deletions.
@@ -22,7 +22,7 @@ export function ConnectCalendar({

const setOnboardingReturnCookie = () => {
if (onboardingReturnPath) {
document.cookie = `${CALENDAR_ONBOARDING_RETURN_COOKIE}=${encodeURIComponent(onboardingReturnPath)}; path=/; max-age=180`;
document.cookie = `${CALENDAR_ONBOARDING_RETURN_COOKIE}=${encodeURIComponent(onboardingReturnPath)}; path=/; max-age=180; SameSite=Lax; Secure`;
}
};

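Review bot: With `Secure` appended, `setOnboardingReturnCookie` silently stores nothing on any origin served over plain HTTP, because browsers refuse a Secure cookie written through `document.cookie` from an insecure page (handling of http://localhost differs between browsers). If self-hosted or development setups without TLS are supported, the onboarding return path would be lost there. The same applies to the writes in utm.tsx, sidebar.tsx and cookies.ts, and in auth-cookies.ts the `auth_error` clear would also be rejected, so a stale error could keep reappearing. Consider deriving the attribute in one place, e.g. `const secureAttr = window.location.protocol === "https:" ? "; Secure" : "";`, or stating in a comment that HTTPS is required.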
12 changes: 6 additions & 6 deletions apps/web/app/utm.tsx
@@ -15,17 +15,17 @@ function setUtmCookies() {
const expires = new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toUTCString();

if (utmSource)
document.cookie = `utm_source=${utmSource}; expires=${expires}; path=/`;
document.cookie = `utm_source=${utmSource}; expires=${expires}; path=/; SameSite=Lax; Secure`;
if (utmMedium)
document.cookie = `utm_medium=${utmMedium}; expires=${expires}; path=/`;
document.cookie = `utm_medium=${utmMedium}; expires=${expires}; path=/; SameSite=Lax; Secure`;
if (utmCampaign)
document.cookie = `utm_campaign=${utmCampaign}; expires=${expires}; path=/`;
document.cookie = `utm_campaign=${utmCampaign}; expires=${expires}; path=/; SameSite=Lax; Secure`;
if (utmTerm)
document.cookie = `utm_term=${utmTerm}; expires=${expires}; path=/`;
document.cookie = `utm_term=${utmTerm}; expires=${expires}; path=/; SameSite=Lax; Secure`;
if (affiliate)
document.cookie = `affiliate=${affiliate}; expires=${expires}; path=/`;
document.cookie = `affiliate=${affiliate}; expires=${expires}; path=/; SameSite=Lax; Secure`;
if (referralCode)
document.cookie = `referral_code=${referralCode}; expires=${expires}; path=/`;
document.cookie = `referral_code=${referralCode}; expires=${expires}; path=/; SameSite=Lax; Secure`;
}

export function UTM() {
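Review bot: The six values in `setUtmCookies` are still interpolated into the cookie string unencoded, so a value containing `;` would end the cookie value early and be parsed as extra attributes ahead of the `SameSite=Lax; Secure` suffix this commit appends. Where `utmSource` and the others are read is outside the hunk; if they come from the URL query string they are user-controlled. The ConnectCalendar write in this same commit already wraps its value in `encodeURIComponent`, and the same fits here, e.g. `utm_source=${encodeURIComponent(utmSource)}` for each write, with whatever reads these cookies decoding to match. `setInvitationCookie` in apps/web/utils/cookies.ts interpolates `invitationId` the same way.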
2 changes: 1 addition & 1 deletion apps/web/components/ui/sidebar.tsx
@@ -90,7 +90,7 @@ const SidebarProvider = React.forwardRef<
// This sets the cookie to keep the sidebar state.
// This sets the cookie to keep the sidebar state.
sidebarNames.forEach((sidebarName) => {
document.cookie = `${sidebarName}:state=${openState.includes(sidebarName)}; path=/; max-age=${SIDEBAR_COOKIE_MAX_AGE}`;
document.cookie = `${sidebarName}:state=${openState.includes(sidebarName)}; path=/; max-age=${SIDEBAR_COOKIE_MAX_AGE}; SameSite=Lax; Secure`;
});
},
[setOpenProp, open, sidebarNames],
2 changes: 1 addition & 1 deletion apps/web/utils/auth-cookies.ts
@@ -7,7 +7,7 @@ export function getAndClearAuthErrorCookie(): string | undefined {
.join("=");

if (authErrorCookie) {
document.cookie = "auth_error=; path=/; max-age=0";
document.cookie = "auth_error=; path=/; max-age=0; SameSite=Lax; Secure";
}

return authErrorCookie;
6 changes: 3 additions & 3 deletions apps/web/utils/cookies.ts
@@ -9,13 +9,13 @@ export type LastEmailAccountCookieValue = {
};

export function markOnboardingAsCompleted(cookie: string) {
document.cookie = `${cookie}=true; path=/; max-age=${Number.MAX_SAFE_INTEGER}; SameSite=Lax`;
document.cookie = `${cookie}=true; path=/; max-age=${Number.MAX_SAFE_INTEGER}; SameSite=Lax; Secure`;
}

export function setInvitationCookie(invitationId: string) {
document.cookie = `${INVITATION_COOKIE}=${invitationId}; path=/; max-age=${7 * 24 * 60 * 60}; SameSite=Lax`;
document.cookie = `${INVITATION_COOKIE}=${invitationId}; path=/; max-age=${7 * 24 * 60 * 60}; SameSite=Lax; Secure`;
}

export function clearInvitationCookie() {
document.cookie = `${INVITATION_COOKIE}=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Lax`;
document.cookie = `${INVITATION_COOKIE}=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Lax; Secure`;
}
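Review bot: `markOnboardingAsCompleted` writes `max-age=${Number.MAX_SAFE_INTEGER}`, which reads as "never expires", but current browsers clamp cookie lifetimes (Chrome caps them at 400 days), so the flag will eventually lapse. A comment above the assignment would make that explicit: `// Browsers cap cookie lifetime (about 400 days in Chrome), so this is long-lived, not permanent.` If the completed state has to survive longer than that, it probably needs to be stored server-side as well; whether that already happens is not visible in this hunk.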
