When specifying cookieOptions, the middleware should keep any default setting that wasn't overridden.
Opened this issue · 0 comments
evert commented
If a user provides cookieOptions, we throw out all defaults.
const cookieOptions = options.cookieOptions || {
path: '/',
sameSite: 'lax',
httpOnly: true,
};
Instead we should keep all defaults and only use values that a user explicitly provided:
const cookieOptions = {
path: '/',
sameSite: 'lax',
httpOnly: true,
...options.cookieOptions
};
cc @defrex