From 5a41cc6df58571a40c33ed33149a70821d13f463 Mon Sep 17 00:00:00 2001
From: niroz89
Date: Thu, 22 Apr 2021 20:45:36 +0800
Subject: [PATCH] update cookie lib and set samesite,secure

---
 package.json | 2 +-
 src/policyagent/policy-agent.ts | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index d0e4326..0a0d9af 100644
--- a/package.json
+++ b/package.json
@@ -28,7 +28,7 @@
 "axios": "^0.18.0",
 "basic-auth": "^1.1.0",
 "body-parser": "^1.18.3",
- "cookie": "^0.2.0",
+ "cookie": "^0.4.1",
 "express": "^4.16.4",
 "handlebars": "^4.0.12",
 "shortid": "^2.2.13",
diff --git a/src/policyagent/policy-agent.ts b/src/policyagent/policy-agent.ts
index 2f1a902..211db15 100644
--- a/src/policyagent/policy-agent.ts
+++ b/src/policyagent/policy-agent.ts
@@ -187,7 +187,7 @@ export class PolicyAgent extends EventEmitter {
 */
 async setSessionCookie(res: ServerResponse, sessionId: string): Promise {
 const { cookieName } = await this.getServerInfo();
- res.setHeader('Set-Cookie', cookie.serialize(cookieName, sessionId, { path: '/', sameSite: 'none' }));
+ res.setHeader('Set-Cookie', cookie.serialize(cookieName, sessionId, { path: '/', sameSite: 'none', secure: true }));
 }
 
 /**
@@ -195,7 +195,7 @@ export class PolicyAgent extends EventEmitter {
 */
 async clearSessionCookie(res: ServerResponse): Promise {
 const { cookieName } = await this.getServerInfo();
- res.setHeader('Set-Cookie', cookie.serialize(cookieName, '', { path: '/' }));
+ res.setHeader('Set-Cookie', cookie.serialize(cookieName, '', { path: '/', sameSite: 'none', secure: true }));
 }
 
 /**
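Review bot: The session cookie written in `setSessionCookie` is still serialized without `httpOnly`, so the session id stays readable by any script running on the page even though the new `secure: true` keeps it off plain HTTP. If no client-side code has to read the cookie (not visible from this hunk), extend the options to `{ path: '/', sameSite: 'none', secure: true, httpOnly: true }`. Because `sameSite: 'none'` sends the cookie on every cross-site request, routes that change state on the strength of this cookie need their own CSRF defence; a one-line comment stating why `none` is required for the SSO flow would help the next reader. Separately, `res.setHeader('Set-Cookie', …)` replaces any `Set-Cookie` header already set on the response, which is worth confirming against the callers.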
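Review bot: `clearSessionCookie` overwrites the value with an empty string but sets no expiry, so the browser keeps an empty session cookie rather than deleting it, and it is sent on later requests until the browser session ends. Make the removal explicit with an expiry in the past: `cookie.serialize(cookieName, '', { path: '/', sameSite: 'none', secure: true, expires: new Date(0) })`. The attribute set is now duplicated between this call and `setSessionCookie`; a shared options constant would keep the two from drifting apart the next time a flag is added.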