How to set sameSite and Secure attributes in a cookie with express?

Question

I have this server API code that create a cookie and I needed to set samesite and Secure attributes to get rid of a warning so I added them like in this post but I get now error

Request failed with status code 500

app.post('/api/login', (req, res) => {
    User.findOne({'email': req.body.email}, (err, user) => {
        if (!user) return res.json({isAuth: false, message: 'Auth failed no email'});

        user.comparePassword(req.body.password, (err, isMatch) => {
            if (!isMatch) return res.json({isAuth: false, message: 'wrong password'});

            user.generateToken((err, User) => {
                if (err) return res.status(400).send(err);
                res.cookie('auth', user.token, {samesite:none, secure:true}).send({isAuth: true, id: user._id, email: user.email });
            })
        })
    })
})

Is this the correct way to set samesite and secure attributes ? how I can fix this ?

Without {samesite:none, secure:true} the API work fine.

score 2 · Accepted Answer · answered Jun 05 '20 at 00:32

2

Use sameSite:'none' instead of samesite:none

answered Jun 05 '20 at 00:32

mangusta

3,470
5
24
47

How to set sameSite and Secure attributes in a cookie with express?

1 Answers1