diff --git a/routes/api/_middleware.ts b/routes/api/_middleware.ts index 56ece86..538932d 100644 --- a/routes/api/_middleware.ts +++ b/routes/api/_middleware.ts @@ -93,10 +93,9 @@ export async function handler(req: Request, ctx: FreshContext) { if (ot.expired.getTime() - 2505600000 < now) { try { const t = m.db.update_token(ot.token, now); - const host = t.secure ? "__Host-" : ""; headers.append( "Set-Cookie", - `${host}token=${t.token}; Expires=${t.expired.toUTCString()}${ + `token=${t.token}; Expires=${t.expired.toUTCString()}${ t.http_only ? "; HttpOnly" : "" }${ t.secure diff --git a/routes/api/token.ts b/routes/api/token.ts index e9ee4b3..16eb8ae 100644 --- a/routes/api/token.ts +++ b/routes/api/token.ts @@ -65,8 +65,7 @@ export const handler: Handlers = { m.db.delete_token(t); const headers: HeadersInit = {}; if (is_from_auth && is_from_cookie) { - const host = token.secure ? "__Host-" : ""; - headers["Set-Cookie"] = `${host}token=${token.token}; Max-Age=0${ + headers["Set-Cookie"] = `token=${token.token}; Max-Age=0${ token.http_only ? "; HttpOnly" : "" }${ token.secure @@ -153,9 +152,8 @@ export const handler: Handlers = { ); const headers: HeadersInit = {}; if (set_cookie) { - const host = token.secure ? "__Host-" : ""; headers["Set-Cookie"] = - `${host}token=${token.token}; Expires=${token.expired.toUTCString()}${ + `token=${token.token}; Expires=${token.expired.toUTCString()}${ http_only ? "; HttpOnly" : "" }${ secure