From 44ffd60174f47df9c8a7eab7c2673e2bca0b43bc Mon Sep 17 00:00:00 2001
From: Pascal Jufer
Date: Wed, 12 May 2021 18:34:58 +0200
Subject: [PATCH] Add missing cookie options to cookie cleanup on logout (#5626)
---
 api/src/controllers/auth.ts | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/api/src/controllers/auth.ts b/api/src/controllers/auth.ts
index 7207f0b962..2f6229a9fd 100644
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -146,7 +146,10 @@ router.post(
 if (req.cookies.directus_refresh_token) {
 res.clearCookie('directus_refresh_token', {
+ httpOnly: true,
 domain: env.REFRESH_TOKEN_COOKIE_DOMAIN,
+ secure: env.REFRESH_TOKEN_COOKIE_SECURE ?? false,
+ sameSite: (env.REFRESH_TOKEN_COOKIE_SAME_SITE as 'lax' | 'strict' | 'none') || 'strict',
 });
 }
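Review bot: The attributes passed to `res.clearCookie('directus_refresh_token', …)` are written out inline, so they can drift again from the ones used where the cookie is set (that code is not visible in this hunk). When they differ, the browser may not remove the cookie and the refresh token stays in the cookie jar after logout. Consider building the options object once and reusing it for both setting and clearing, and add a comment above the call such as `// Must mirror the attributes used when the cookie is set, or the browser will not remove it.` Separately, the `as 'lax' | 'strict' | 'none'` cast on `env.REFRESH_TOKEN_COOKIE_SAME_SITE` only satisfies the type checker; unless the value is validated elsewhere, a mistyped setting reaches the cookie serializer unchecked. The enclosing `router.post(` handler starts and ends outside the hunk.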