fix(package): store cookies securely when using https

Halceyon · Halceyon · commit fd754c272e13 · 2018-03-07T22:26:11.000+02:00
diff --git a/src/AspnetAuth.js b/src/AspnetAuth.js
@@ -104,8 +104,13 @@ class AspnetAuth {
   }
 
   saveAuth(result) {
+    let secure = false;
+    // save secure cookies for https requests
+    if (window.location.protocol === 'https:') {
+      secure = true;
+    }
     cookies.set(this.cookieName, stringify(result), {
-      secure: true,
+      secure,
     });
   }
 
diff --git a/test/aspnet-authSpec.js b/test/aspnet-authSpec.js
@@ -21,7 +21,11 @@ sinonStubPromise(sinon);
 
 describe('AspnetAuth', () => {
   let aspnetAuth;
-
+  global.window = {
+    location: {
+      protocol: 'http:',
+    },
+  };
   beforeEach(() => {
     sinon.stub(cookies, 'get').returns(null);
     sinon.stub(cookies, 'set');

Original file line number	Diff line number	Diff line change
`@@ -104,8 +104,13 @@ class AspnetAuth {`
`104`	`104`	`}`
`105`	`105`
`106`	`106`	`saveAuth(result) {`
	`107`	`+ let secure = false;`
	`108`	`+ // save secure cookies for https requests`
	`109`	`+ if (window.location.protocol === 'https:') {`
	`110`	`+ secure = true;`
	`111`	`+ }`
`107`	`112`	`cookies.set(this.cookieName, stringify(result), {`
`108`		`- secure: true,`
	`113`	`+ secure,`
`109`	`114`	`});`
`110`	`115`	`}`
`111`	`116`