From 8ddf592bbc8f363249c165f1261beb8a8097bdbc Mon Sep 17 00:00:00 2001
From: Lucas Coratger <73360179+coratgerl@users.noreply.github.com>
Date: Fri, 20 Feb 2026 21:05:48 +0100
Subject: [PATCH] fix(wabe): csrfToken httpOnly to false
---
 .../src/authentication/resolvers/signInWithResolver.test.ts | 2 +-
 .../wabe/src/authentication/resolvers/signInWithResolver.ts | 2 +-
 .../wabe/src/authentication/resolvers/signUpWithResolver.ts | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/packages/wabe/src/authentication/resolvers/signInWithResolver.test.ts b/packages/wabe/src/authentication/resolvers/signInWithResolver.test.ts
index 8583cc11..a88f11d2 100644
--- a/packages/wabe/src/authentication/resolvers/signInWithResolver.test.ts
+++ b/packages/wabe/src/authentication/resolvers/signInWithResolver.test.ts
@@ -276,7 +276,7 @@ describe('SignInWith', () => {
 })
 expect(mockSetCookie).toHaveBeenNthCalledWith(3, 'csrfToken', 'csrfToken', {
- httpOnly: true,
+ httpOnly: false,
 path: '/',
 secure: true,
 sameSite: 'Strict',
diff --git a/packages/wabe/src/authentication/resolvers/signInWithResolver.ts b/packages/wabe/src/authentication/resolvers/signInWithResolver.ts
index 4c57c8a8..abc699e5 100644
--- a/packages/wabe/src/authentication/resolvers/signInWithResolver.ts
+++ b/packages/wabe/src/authentication/resolvers/signInWithResolver.ts
@@ -94,7 +94,7 @@ export const signInWithResolver = async (
 })
 context.response?.setCookie('csrfToken', csrfToken, {
- httpOnly: true,
+ httpOnly: false,
 path: '/',
 sameSite,
 secure: true,
diff --git a/packages/wabe/src/authentication/resolvers/signUpWithResolver.ts b/packages/wabe/src/authentication/resolvers/signUpWithResolver.ts
index e4720427..8173c605 100644
--- a/packages/wabe/src/authentication/resolvers/signUpWithResolver.ts
+++ b/packages/wabe/src/authentication/resolvers/signUpWithResolver.ts
@@ -56,7 +56,7 @@ export const signUpWithResolver = async (
 })
 context.response?.setCookie('csrfToken', csrfToken, {
- httpOnly: true,
+ httpOnly: false,
 path: '/',
 sameSite,
 secure: true,
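Review bot: The `httpOnly: false` on the `csrfToken` cookie in this hunk, and the same line in the signInWithResolver.ts hunk above, carries no comment saying why the flag is relaxed, so a later hardening pass could flip it back or copy the setting onto another cookie. Presumably the client has to read the token from script to echo it in a request header; if so, say it next to the option, e.g. `// httpOnly is false on purpose: client script reads csrfToken and sends it back in a request header`. A script-readable token is exposed to any XSS on the origin, so it is worth confirming that the server ties the token to the session and that the session cookies set by these resolvers stay `httpOnly: true`; neither is visible in these hunks. The patch adjusts only signInWithResolver.test.ts, so an equivalent assertion for the sign-up path would pin the flag there too. Both resolver bodies continue outside the hunks.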