From 05936c17e3f1b75d45dd06505a51a31f355d242a Mon Sep 17 00:00:00 2001
From: pallavicoder
Date: Mon, 13 Nov 2023 18:47:10 +0530
Subject: [PATCH 1/2] fix:Set an HTTP-only cookie on the client side

Signed-off-by: pallavicoder
---
 package-lock.json | 8 --------
 src/api/Auth.ts | 1 +
 2 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e9bf33418..c701d0f19 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9087,8 +9087,6 @@ }, "node_modules/npm/node_modules/string-width": { "version": "4.2.3", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", - "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", "inBundle": true, "license": "MIT", "dependencies": {
@@ -9116,8 +9114,6 @@ }, "node_modules/npm/node_modules/strip-ansi": { "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", "inBundle": true, "license": "MIT", "dependencies": {
@@ -18429,8 +18425,6 @@ }, "string-width": { "version": "4.2.3", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", - "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", "bundled": true, "requires": { "emoji-regex": "^8.0.0",
@@ -18449,8 +18443,6 @@ }, "strip-ansi": { "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", "bundled": true, "requires": { "ansi-regex": "^5.0.1"
diff --git a/src/api/Auth.ts b/src/api/Auth.ts
index 43d4371f2..7d16affb5 100644
--- a/src/api/Auth.ts
+++ b/src/api/Auth.ts
@@ -205,6 +205,7 @@ export const setToCookies = (cookies: AstroCookies, key: string, value: any, opt
 }
 const convertedValue = encryptData(value)
 cookies.set(key, convertedValue as string, option)
+ document.cookie = 'exampleCookie=cookieValue; HttpOnly';
 return true
 }
From 22ee1cd500e32f5cc8b1aa2a2de5e6fee23d56e6 Mon Sep 17 00:00:00 2001
From: pallavicoder
Date: Mon, 20 Nov 2023 17:27:40 +0530
Subject: [PATCH 2/2] fix:configured cookies flags and attributes

Signed-off-by: pallavicoder
---
 src/api/Auth.ts | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/api/Auth.ts b/src/api/Auth.ts
index 7d16affb5..4fbaa0bec 100644
--- a/src/api/Auth.ts
+++ b/src/api/Auth.ts
@@ -199,13 +199,20 @@ export const getFromLocalStorage = async (key: string) =>{
 return convertedValue
 }
-export const setToCookies = (cookies: AstroCookies, key: string, value: any, option: {}) =>{
+export const setToCookies = (cookies: AstroCookies, key: string, value: any, option: {[key: string]: any }) =>{
 if(!value.trim()){
 return
 }
 const convertedValue = encryptData(value)
- cookies.set(key, convertedValue as string, option)
- document.cookie = 'exampleCookie=cookieValue; HttpOnly';
+ // Set HttpOnly, Secure, and SameSite attributes in the options
+ const updatedOption: { [key: string]: any }= {
+ ...option,
+ httpOnly: true,
+ secure: true, // Set to true if using HTTPS
+ sameSite: 'Strict',
+ };
+ cookies.set(key, convertedValue as string, updatedOption)
+
 return true
 }
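Review bot: In the [PATCH 1/2] hunk, the added `document.cookie = 'exampleCookie=cookieValue; HttpOnly';` cannot set an HttpOnly cookie: browsers ignore a cookie written from script when it carries that attribute, and the flag only takes effect when the server sends it in a `Set-Cookie` header. The name and value are hard-coded placeholders unrelated to `key` and `value`, and because the function receives an `AstroCookies` object it presumably runs during server rendering, where `document` is undefined and the line would throw. [PATCH 2/2] deletes the line again, so squashing the two patches would keep this state out of the history. The start of setToCookies lies outside this hunk.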
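Review bot: In the [PATCH 2/2] hunk, `secure: true` is hard-coded after `...option` while its own comment reads "Set to true if using HTTPS", so the comment and the code disagree and no caller can relax any of the three flags; a Secure cookie is generally not stored over plain HTTP, so the helper would fail silently on a non-TLS deployment. If enforcing the flags is the intent, the comment should say so, e.g. `// Enforced for every cookie set through this helper; caller options cannot override them`. Typing `option` and `updatedOption` as `{ [key: string]: any }` also switches off checking of attribute names and values; `Parameters<AstroCookies['set']>[2]` would keep the compiler involved (it would likely ask for the lower-case `'strict'`). Since every cookie written through this helper becomes HttpOnly, any client-side code that reads one of them via `document.cookie` will stop seeing it, which is worth confirming against the callers.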