fastify-secure-session icon indicating copy to clipboard operation
fastify-secure-session copied to clipboard

Published 20 hours ago verified publisher icon fastify

Considering adding proprietary cookies good practices as Chrome make big changes on cookies in 2024

Open teotimepacreau opened this issue 1 year ago • 2 comments

Prerequisites

  • [X] I have written a descriptive issue title
  • [X] I have searched existing issues to ensure the feature has not already been requested

🚀 Feature Proposal

Third party cookies won't be supported anymore as 2024 Chrome said

Chrome recommend good practices even for proprietary cookies to ensure it continues to work for session but for now theses options are unsupported in fastify-secure-session :

  • secure: true
  • __Host-cookie-name=cookie-value
  • SameSite=Strict || Lax

Motivation

ensure session cookies for the plugin remain practicable

Example

app.register(fastifySecureSession, {
    **_secure: true,
    __Host-cookie-name=cookie-value
    SameSite=Strict_**
    cookieName: 'session',
    key: readFileSync(join(rootDir, 'secret-key')),
    cookie: {
        path: '/',
    }
})

teotimepacreau avatar Dec 11 '23 10:12 teotimepacreau

Thanks for reporting! Would you like to send a Pull Request to address this issue? Remember to add unit tests.

mcollina avatar Dec 11 '23 14:12 mcollina

If somebody wants to implement this feature request, he/she should orientate himself/herself on the following PR of @fastify/session.

https://github.com/fastify/session/pull/226

Uzlopak avatar Dec 11 '23 15:12 Uzlopak