New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@okta/okta-auth-js
Advanced tools
@okta/okta-auth-js - npm Package Compare versions
Comparing version 2.13.1 to 2.13.2
| # Changelog | ||
| ## 2.13.2 | ||
| ### Bug Fixes | ||
| -[#338](https://github.com/okta/okta-auth-js/pull/338) - (Fix for Chrome 80) Setting 'Secure' on cookies if running on HTTPS. Setting 'SameSite=Lax' on cookies if running on HTTP. TokenManager (if using cookie storage) will retain previous behavior, setting 'SameSite=Lax' in all cases unless `tokenManager.secure` is set to `true` via config. | ||
| ## 2.13.1 | ||
@@ -4,0 +10,0 @@ |
@@ -15,2 +15,3 @@ var packageJson = require('./package.json'); | ||
| './test/spec/browser.js', | ||
| './test/spec/browserStorage.js', | ||
| './test/spec/fingerprint.js', | ||
@@ -17,0 +18,0 @@ './test/spec/general.js', |
@@ -47,3 +47,5 @@ /*! | ||
| } else { | ||
| return storageBuilder(storageUtil.getCookieStorage(), constants.PKCE_STORAGE_NAME); | ||
| return storageBuilder(storageUtil.getCookieStorage({ | ||
| secure: window.location.protocol === 'https:' | ||
| }), constants.PKCE_STORAGE_NAME); | ||
| } | ||
@@ -58,3 +60,5 @@ }; | ||
| } else { | ||
| return storageBuilder(storageUtil.getCookieStorage(), constants.CACHE_STORAGE_NAME); | ||
| return storageBuilder(storageUtil.getCookieStorage({ | ||
| secure: window.location.protocol === 'https:' | ||
| }), constants.CACHE_STORAGE_NAME); | ||
| } | ||
@@ -74,4 +78,4 @@ }; | ||
| options = options || {}; | ||
| var secure = options.secure; // currently opt-in | ||
| var sameSite = options.sameSite || 'none'; | ||
| var secure = options.secure || false; // currently opt-in | ||
| var sameSite = options.sameSite || (secure ? 'none' : 'lax'); | ||
| return { | ||
@@ -78,0 +82,0 @@ getItem: storageUtil.storage.get, |
@@ -637,2 +637,11 @@ /*! | ||
| // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure | ||
| // If the application is running on HTTPS, we can relax 3rd party cookie settings. | ||
| // This will allow embedding the app in an iframe (only if it is running on HTTPS protocol) | ||
| var isSecure = window.location.protocol === 'https:'; | ||
| var cookieSettings = { | ||
| secure: isSecure, | ||
| sameSite: isSecure ? 'none' : 'lax' | ||
| }; | ||
| // Set session cookie to store the oauthParams | ||
@@ -647,15 +656,9 @@ cookies.set(constants.REDIRECT_OAUTH_PARAMS_COOKIE_NAME, JSON.stringify({ | ||
| ignoreSignature: oauthParams.ignoreSignature | ||
| }), null, { | ||
| sameSite: 'none' | ||
| }); | ||
| }), null, cookieSettings); | ||
| // Set nonce cookie for servers to validate nonce in id_token | ||
| cookies.set(constants.REDIRECT_NONCE_COOKIE_NAME, oauthParams.nonce, null, { | ||
| sameSite: 'none' | ||
| }); | ||
| cookies.set(constants.REDIRECT_NONCE_COOKIE_NAME, oauthParams.nonce, null, cookieSettings); | ||
| // Set state cookie for servers to validate state | ||
| cookies.set(constants.REDIRECT_STATE_COOKIE_NAME, oauthParams.state, null, { | ||
| sameSite: 'none' | ||
| }); | ||
| cookies.set(constants.REDIRECT_STATE_COOKIE_NAME, oauthParams.state, null, cookieSettings); | ||
@@ -662,0 +665,0 @@ sdk.token.getWithRedirect._setLocation(requestUrl); |
| { | ||
| "name": "@okta/okta-auth-js", | ||
| "description": "The Okta Auth SDK", | ||
| "version": "2.13.1", | ||
| "version": "2.13.2", | ||
| "homepage": "https://github.com/okta/okta-auth-js", | ||
@@ -71,5 +71,5 @@ "license": "Apache-2.0", | ||
| "okta": { | ||
| "commitSha": "8ba6dec6ad174d759c7383924a57c737643a6829", | ||
| "fullVersion": "2.13.1-20200227164451-8ba6dec" | ||
| "commitSha": "92f6ae3848e81b2c99e7109a4d1a53ab934079ef", | ||
| "fullVersion": "2.13.2-20200303023426-92f6ae3" | ||
| } | ||
| } |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by0.29%
805118
- Lines of code
- increased by0.23%
3521
No dependency changes