Fix cookie sameSite attribute (#443)
* fix: set i18n cookie SameSite=lax to survive cross-domain redirects The i18n language cookie was being reset to default after Supabase email verification redirects because the cookie was using the default SameSite=strict setting which doesn't survive cross-domain navigation. Changes: - Set cookieOptions.sameSite to 'lax' to allow cookie to persist through cross-domain redirects (like Supabase auth flows) - Set secure flag dynamically based on HTTPS protocol - Set cookie path to '/' for site-wide availability - Set cookie expiration to 1 year - Change detection order to prioritize cookie over htmlTag Bumps version to 2.23.4 * fix: set theme cookie SameSite=lax to survive cross-domain redirects Apply the same fix as the i18n cookie to the theme cookie. The theme preference cookie was also missing SameSite=lax attribute, causing it to potentially be lost during cross-domain authentication flows. Changes: - Add SameSite=lax to theme cookie - Add Secure flag conditionally based on HTTPS protocol - Fix typo: setCookeTheme -> setCookieTheme * fix: correct SameSite casing and add security to sidebar cookie - Fix SameSite value to use proper capitalization (Lax instead of lax) for better browser compatibility - Add SameSite=Lax and conditional Secure flag to sidebar state cookie - Add typeof window check for defensive programming --------- Co-authored-by: Claude <noreply@anthropic.com>
This commit is contained in:
Giancarlo Buomprisco
committed by
GitHub
GitHub
parent
f5e6910194
commit
f0baf4f348
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "next-supabase-saas-kit-turbo",
|
||||
"version": "2.23.3",
|
||||
"version": "2.23.4",
|
||||
"private": true,
|
||||
"sideEffects": false,
|
||||
"engines": {
|
||||
|
||||
Reference in New Issue
Block a user