diff --git a/.changeset/nice-humans-fry.md b/.changeset/nice-humans-fry.md
new file mode 100644
index 00000000..fa062df2
--- /dev/null
+++ b/.changeset/nice-humans-fry.md
@@ -0,0 +1,5 @@
+---
+"@logto/nuxt": major
+---
+
+support secure cookie storage for nuxt SDK
diff --git a/packages/nuxt/src/runtime/server/event-handler.ts b/packages/nuxt/src/runtime/server/event-handler.ts
index 781482d4..32767d2d 100644
--- a/packages/nuxt/src/runtime/server/event-handler.ts
+++ b/packages/nuxt/src/runtime/server/event-handler.ts
@@ -15,6 +15,7 @@ export default defineEventHandler(async (event) => {
   const {
     cookieName,
     cookieEncryptionKey,
+    cookieSecure,
     fetchUserInfo,
     pathnames,
     postCallbackRedirectUri,
@@ -36,17 +37,15 @@ export default defineEventHandler(async (event) => {
   }
 
   const url = getRequestURL(event);
-  const storage = new CookieStorage(
-    {
-      cookieKey: cookieName,
-      encryptionKey: cookieEncryptionKey,
-      getCookie: (name) => getCookie(event, name),
-      setCookie: (name, value, options) => {
-        setCookie(event, name, value, options);
-      },
+  const storage = new CookieStorage({
+    cookieKey: cookieName,
+    encryptionKey: cookieEncryptionKey,
+    isSecure: cookieSecure,
+    getCookie: (name) => getCookie(event, name),
+    setCookie: (name, value, options) => {
+      setCookie(event, name, value, options);
     },
-    { headers: event.headers, url: url.href }
-  );
+  });
 
   await storage.init();
 
diff --git a/packages/nuxt/src/runtime/utils/types.ts b/packages/nuxt/src/runtime/utils/types.ts
index 6eb76762..4476392d 100644
--- a/packages/nuxt/src/runtime/utils/types.ts
+++ b/packages/nuxt/src/runtime/utils/types.ts
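Review bot: `isSecure: cookieSecure` is `undefined` whenever the module option is not configured, so whether the session cookie is written with the `Secure` attribute now rests on `CookieStorage`'s own default, which this hunk does not show; the removed form passed `event.headers` and `url.href` to the storage, presumably so it could derive this from the request itself. Make the intent explicit at the call site instead of inheriting that default, e.g. `isSecure: cookieSecure ?? url.protocol === 'https:',` if the library treats `undefined` as insecure, or add a comment on this line stating which default is relied on. `url` is still computed on the context line above but is no longer handed to the constructor; if nothing later in the handler reads it, it is now an unused local (the `defineEventHandler` body continues outside the hunk, so I cannot confirm). The same option is destructured in the first hunk of this file.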
@@ -14,6 +14,14 @@ type LogtoModuleOptions = {
    * @see {@link CookieConfig.cookieKey} for the default value.
    */
   cookieName?: string;
+  /**
+   * Whether the Logto cookie should be secure.
+   *
+   * Set this to `true` if you are using https.
+   *
+   * @see {@link CookieConfig.isSecure}
+   */
+  cookieSecure?: boolean;
   /**
    * If Logto should fetch from the [userinfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo)
    * in the server side for the `event.context.logtoUser` property (used by `useLogtoUser` composable).
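Review bot: The new `cookieSecure` doc block says when to set the option to `true` but not what happens when it is omitted, which is the state every existing consumer is in after this release (the changeset marks it major). State the default explicitly, e.g. add ` * Defaults to <DEFAULT — fill in from CookieConfig.isSecure> when unset.` next to the `@see` line, and spell out the consequence rather than only the recommendation, e.g. ` * Leaving this unset on an https deployment means the session cookie is not marked Secure and can be sent over plain http.` The `cookieName` doc just above follows this pattern by pointing at its default via `@see`, so doing the same here keeps the two options consistent.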