Resolve "Add secure attribute to the jwt_token cookie"

changelog.md

@@ -5,6 +5,8 @@
 * Implemented a switch to disable all filters without deleting them.
 * Made it possible to order by fields via the rows listing endpoint.
 * Added community chat to the readme.
+* Made the cookies strict and secure.
+* Removed the redundant _DOMAIN variables.
 
 ## Released (2020-11-02)
 

web-frontend/modules/core/utils/auth.js

@@ -5,6 +5,8 @@ export const setToken = (token, cookie) => {
   cookie.set(cookieTokenName, token, {
     path: '/',
     maxAge: 60 * 60 * 24 * 7,
+    sameSite: 'strict',
+    secure: true,
   })
 }
 

web-frontend/modules/core/utils/group.js

@@ -2,7 +2,10 @@ const cookieGroupName = 'baserow_group_id'
 
 export const setGroupCookie = (groupId, cookie) => {
   if (process.SERVER_BUILD) return
-  cookie.set(cookieGroupName, groupId)
+  cookie.set(cookieGroupName, groupId, {
+    sameSite: 'strict',
+    secure: true,
+  })
 }
 
 export const unsetGroupCookie = (cookie) => {