Description
Environment
Latest Safari and MacOS.
This library is being used by TanStack Start and I reported the issue there:
This affects both the v1 and v2 branches.
Reproduction
The reproduction is given on TanStack Start example here: TanStack/router#3492
But basically cookies will persist by default in Chrome and Firefox on MacOS but not Safari (and I suspect this also happens on iOS.)
Describe the bug
The culprit is in H3 on this line:
Line 37 in 67e12ae
Basically DEFAULT_COOKIE is used as defaults in updateSession:
Line 153 in 67e12ae
Line 217 in 67e12ae
DEFAULT_COOKIE has secure = true.
But if you use http localhost on Safari in dev mode, cookies will not persist by default not, they will fail silently.
So if you do not specify a value for "cookie.secure" it will end up as true and thus Safari development mode will fail to save cookies.
Note be careful when setting 'secure' to true, as compliant clients will not send the cookie back to the server in the future if the browser does not have an HTTPS connection.
Maybe automatically change cookie secure setting based on process.env.NODE_ENV === 'production' or something similar? That is what I am suggesting to TanStack Start.
Additional context
Again, you can read my original issue over on TanStack Start here describing the issue: TanStack/router#3492
Activity