SameSite cookie attribute compatibilty with Hono
Closed this issue · 1 comments
yiss commented
I'm currently working on integrating Lucia and Oslo with a Hono API and noticed the typing for the SameSite in the Cookie is not compatible with one used by Hono, when looking at the documentation on MDN website it seems that Hono are using the same one as MDN documentation.
Example
This gives a type error :
const session = await lucia.createSession(createdUser.userId, {});
const sessionCookie = lucia.createSessionCookie(session.id);
setCookie(ctx, sessionCookie.name, sessionCookie.value, {
...sessionCookie.attributes,
});
Argument of type '{ secure?: boolean; path?: string; domain?: string; sameSite?: "lax" | "strict" | "none"; httpOnly?: boolean; maxAge?: number; expires?: Date; }' is not assignable to parameter of type 'CookieOptions'.
Types of property 'sameSite' are incompatible.
Type '"lax" | "strict" | "none"' is not assignable to type '"Lax" | "Strict" | "None"'.
Type '"lax"' is not assignable to type '"Lax" | "Strict" | "None"'. Did you mean '"Lax"'?
And forced to do this instead:
const session = await lucia.createSession(createdUser.userId, {});
const sessionCookie = lucia.createSessionCookie(session.id);
setCookie(ctx, sessionCookie.name, sessionCookie.value, {
...sessionCookie.attributes,
sameSite: "Lax",
});
Suggested change
Change the typing to be in uppercase :
sameSite?: "None" | "Lax" | "Strict"
References :
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value
- https://github.com/honojs/hono/blob/c514da0804ccbfc1a5ffeaedb1b797863eb73f93/src/utils/cookie.ts#L13
If it's alright with you, I can create a PR to fix this issue
pilcrowOnPaper commented
This is an issue with Hono, not us. We're using the de-facto standard cookie API used by the cookie
NPM package, Next.js, Astro, and the soon to be web standard Cookie Store API.