feat: support secure cookie storage for nuxt sdk

.changeset/nice-humans-fry.md

@@ -0,0 +1,5 @@
+---
+"@logto/nuxt": major
+---
+
+support secure cookie storage for nuxt SDK

packages/nuxt/src/runtime/server/event-handler.ts

@@ -15,6 +15,7 @@ export default defineEventHandler(async (event) => {
   const {
     cookieName,
     cookieEncryptionKey,
+    cookieSecure,
     fetchUserInfo,
     pathnames,
     postCallbackRedirectUri,
@@ -36,17 +37,15 @@ export default defineEventHandler(async (event) => {
   }
 
   const url = getRequestURL(event);
-  const storage = new CookieStorage(
-    {
-      cookieKey: cookieName,
-      encryptionKey: cookieEncryptionKey,
-      getCookie: (name) => getCookie(event, name),
-      setCookie: (name, value, options) => {
-        setCookie(event, name, value, options);
-      },
+  const storage = new CookieStorage({
+    cookieKey: cookieName,
+    encryptionKey: cookieEncryptionKey,
+    isSecure: cookieSecure,
+    getCookie: (name) => getCookie(event, name),
+    setCookie: (name, value, options) => {
+      setCookie(event, name, value, options);
     },
-    { headers: event.headers, url: url.href }
-  );
+  });
 
   await storage.init();
 

packages/nuxt/src/runtime/utils/types.ts

@@ -14,6 +14,14 @@ type LogtoModuleOptions = {
    * @see {@link CookieConfig.cookieKey} for the default value.
    */
   cookieName?: string;
+  /**
+   * Whether the Logto cookie should be secure.
+   *
+   * Set this to `true` if you are using https.
+   *
+   * @see {@link CookieConfig.isSecure}
+   */
+  cookieSecure?: boolean;
   /**
    * If Logto should fetch from the [userinfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo)
    * in the server side for the `event.context.logtoUser` property (used by `useLogtoUser` composable).