fix: don't let other people look at our cookies

Nicholas Tindle
2025-06-13 13:49:44 -05:00
parent ade66f3d27
commit 34184f7cc0
2 changed files with 12 additions and 2 deletions


@@ -38,7 +38,12 @@ export async function updateSession(request: NextRequest) {
request,
});
cookiesToSet.forEach(({ name, value, options }) =>
supabaseResponse.cookies.set(name, value, options),
supabaseResponse.cookies.set(name, value, {
...options,
httpOnly: true,
secure: process.env.NODE_ENV === "production",
sameSite: "lax",
}),
);
},
},
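Review bot: The added `secure: process.env.NODE_ENV === "production"` ties the Secure attribute to the build mode rather than to the transport, and because it follows `...options` it also overwrites a `secure: true` the caller may already have supplied. An HTTPS deployment running with any other NODE_ENV would therefore issue the session cookie without Secure; `secure: options?.secure || process.env.NODE_ENV === "production"` keeps the stricter of the two values. Forcing `httpOnly: true` on every cookie in `cookiesToSet` also hides them from page scripts, so if any browser-side Supabase client in this app reads the session from `document.cookie` (not visible in this hunk) it will stop seeing it; a short comment above the override stating that session access is server-only would record that decision. The same lines are added in the getServerSupabase hunk, and updateSession's body continues outside this hunk.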


@@ -18,7 +18,12 @@ export async function getServerSupabase() {
setAll(cookiesToSet) {
try {
cookiesToSet.forEach(({ name, value, options }) =>
cookieStore.set(name, value, options),
cookieStore.set(name, value, {
...options,
httpOnly: true,
secure: process.env.NODE_ENV === "production",
sameSite: "lax",
}),
);
} catch {
// The `setAll` method was called from a Server Component.
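Review bot: The options object added to `cookieStore.set` is a copy of the one added in updateSession, so a later edit to one call site can leave the other issuing cookies with weaker attributes. Defining it once, for example `export const hardenedCookieOptions = { httpOnly: true, secure: process.env.NODE_ENV === "production", sameSite: "lax" } as const;` (name is a suggestion), and spreading it after `...options` in both places keeps the two paths in step. The `catch` block and the rest of getServerSupabase lie outside this hunk.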