fix cookie options bug

This commit is contained in:
Mikael Finstad 2026-06-23 15:26:55 +02:00
parent 3b0837463b
commit 260623fe3e
No known key found for this signature in database
GPG key ID: 25AB36E3E81CBC26

View file

@ -136,18 +136,21 @@ export default function server(inputCompanionOptions?: CompanionInitOptions) {
})
}
if (process.env['COMPANION_COOKIE_DOMAIN']) {
sessionOptions.cookie = {
domain: process.env['COMPANION_COOKIE_DOMAIN'],
// AFAIK sessions are only used for the initial oauth2 dance, and not after that.
// Therefore 10 minutes should be plenty of time for the user to complete the oauth2 dance.
// we might want to see if we can make grant work without sessions, so we can remove sessions:
// https://github.com/transloadit/uppy/issues/4394
// https://github.com/transloadit/api2/pull/8345#pullrequestreview-4552806932
maxAge: 10 * 60 * 1000,
}
const cookieOptions: SessionOptions['cookie'] = {
// AFAIK sessions are only used for the initial oauth2 dance, and not after that.
// Therefore 10 minutes should be plenty of time for the user to complete the oauth2 dance.
// we might want to see if we can make grant work without sessions, so we can remove sessions:
// https://github.com/transloadit/uppy/issues/4394
// https://github.com/transloadit/api2/pull/8345#pullrequestreview-4552806932
maxAge: 10 * 60 * 1000,
}
if (process.env['COMPANION_COOKIE_DOMAIN']) {
cookieOptions.domain = process.env['COMPANION_COOKIE_DOMAIN'];
}
sessionOptions.cookie = cookieOptions
// Session is used for grant redirects, so that we don't need to expose secret tokens in URLs
// See https://github.com/transloadit/uppy/pull/1668
// https://github.com/transloadit/uppy/issues/3538#issuecomment-1069232909