fix(package): store cookies securely when using https

Author: Halceyon

src/AspnetAuth.js

@@ -104,8 +104,13 @@ class AspnetAuth {
   }
 
   saveAuth(result) {
+    let secure = false;
+    // save secure cookies for https requests
+    if (window.location.protocol === 'https:') {
+      secure = true;
+    }
     cookies.set(this.cookieName, stringify(result), {
-      secure: true,
+      secure,
     });
   }
 

test/aspnet-authSpec.js

@@ -21,7 +21,11 @@ sinonStubPromise(sinon);
 
 describe('AspnetAuth', () => {
   let aspnetAuth;
-
+  global.window = {
+    location: {
+      protocol: 'http:',
+    },
+  };
   beforeEach(() => {
     sinon.stub(cookies, 'get').returns(null);
     sinon.stub(cookies, 'set');