fix: Don't set cookie domain when not using multiple subdomains (#1145)

* fix: Don't set cookie domain when not using multiple subdomains * wip logging domain * wip logging domain * wip logging domain * wip logging domain * Revert "wip logging domain" This reverts commit 325907e74962179e02cee0b1df364a3aedbe62e3. * Revert "wip logging domain" This reverts commit 6ee095a49e9c18999a20d5379234323d49d5e6c8. * Revert "wip logging domain" This reverts commit 813d8eb960cdf4dd6db4795739df3adf895600e2. * Revert "wip logging domain" This reverts commit f1ca81927626bbd0d46c1963510d115a003176d8. * Remove SUBDOMAINS_ENABLED from documented env variables, no-one self hosting should need this – it just adds confusion to those looking to host on a single subdomain fix: Account for server/client process.env parsing Co-authored-by: Nan Yu <nanyu@Nans-MBP-2.lan> Co-authored-by: Nan Yu <nan@getoutline.com>
2020-05-19 21:05:57 -07:00
parent 9274005cbb
commit 092d9dce18
7 changed files with 16 additions and 14 deletions
--- a/server/auth/index.js
+++ b/server/auth/index.js
@ -6,7 +6,7 @@ import validation from '../middlewares/validation';
 import auth from '../middlewares/authentication';
 import addMonths from 'date-fns/add_months';
 import { Team } from '../models';
-import { stripSubdomain } from '../../shared/utils/domains';
+import { getCookieDomain } from '../../shared/utils/domains';

 import slack from './slack';
 import google from './google';
@ -25,7 +25,7 @@ router.get('/redirect', auth(), async ctx => {
  // transfer access token cookie from root to subdomain
  ctx.cookies.set('accessToken', undefined, {
    httpOnly: true,
-    domain: stripSubdomain(ctx.request.hostname),
+    domain: getCookieDomain(ctx.request.hostname),
  });

  ctx.cookies.set('accessToken', user.getJwtToken(), {