fix(package): store cookies securely when using https

Halceyon · Mar 7, 2018 · fd754c2 · fd754c2
1 parent abdec8e
commit fd754c2
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/src/AspnetAuth.js b/src/AspnetAuth.js
@@ -104,8 +104,13 @@ class AspnetAuth {
   }
 
   saveAuth(result) {
+    let secure = false;
+    // save secure cookies for https requests
+    if (window.location.protocol === 'https:') {
+      secure = true;
+    }
     cookies.set(this.cookieName, stringify(result), {
-      secure: true,
+      secure,
     });
   }
 

diff --git a/test/aspnet-authSpec.js b/test/aspnet-authSpec.js
@@ -21,7 +21,11 @@ sinonStubPromise(sinon);
 
 describe('AspnetAuth', () => {
   let aspnetAuth;
-
+  global.window = {
+    location: {
+      protocol: 'http:',
+    },
+  };
   beforeEach(() => {
     sinon.stub(cookies, 'get').returns(null);
     sinon.stub(cookies, 'set');