Setting cookie options

[adamkhan]

Upon pushing to a staging server I get an issue that I did not get at localhost. The cookie saved gives me the following console warning:

Cookie “strapi_jwt” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

How to change the value of SameSite in the cookie?

[atle-granlund]

I am very new to this so I might be wrong but I think you have to set your security settings for headers at server side.

They are are off by default.
https://strapi.io/documentation/v3.x/concepts/middlewares.html#configuration-and-activation.

Then nuxt/strapi module will follow the API rules.

[atinux]

I think we will need to expose the cookie options in the config so they can be given here: https://github.com/nuxt-community/strapi-module/blob/c88ff781dc44ecbaa58ca1c1e63b770662b91669/lib/plugin.js#L166

[dubem-design]

Please also expose options to set "TOKEN_KEY" name, one might not want to use "strapi_jwt"

[adamkhan]

Hello, two months later and I still can't get this to work. I've tried adding cors and sessions middleware options to Strapi's /config/middleware.js, tried installing the @nuxtjs/proxy module — none of the above stop my cookie from being out-of-date the moment it's set.

Is it Strapi or Nuxt's Strapi module that sets the cookie? Might setting Samesite to Lax be a solution? How to do that?

[adamkhan]

@atle-granlund, thanks for the suggestion. In Strapi I set config/middleware.js to:

module.exports = {

  settings: {
	  cors: {
		  enabled: false
	  },
	  session: {
		  enabled: true
	  },
  }
};

But this did not help. As soon as I refresh my console tells me:

Cookie “strapi_jwt” has been rejected because it is already expired.

[adamkhan]

I only have this problem when Nuxt is running in Production mode — Development mode handles cookies for Strapi just fine,

[adamkhan]

Turns out the problem was using nuxt-fontawesome instead of @nuxtjs/fontawesome! I've no idea why but making this change solved the issue, at least for me.