From d125ef80709233f2af634d2fb13ef301440223c1 Mon Sep 17 00:00:00 2001 From: steve higgs Date: Tue, 15 Dec 2020 19:58:52 +0000 Subject: [PATCH] Make the samesite value on the login cookie case insensitive Big commerce sometimes returns a login cookie with SameSite set to None rather than none. The code to change this value in development mode needs to be case insensitive. --- src/api/operations/login.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/api/operations/login.ts b/src/api/operations/login.ts index e16502a..8a85027 100644 --- a/src/api/operations/login.ts +++ b/src/api/operations/login.ts @@ -54,7 +54,9 @@ async function login({ if (process.env.NODE_ENV !== 'production') { cookie = cookie.replace('; Secure', '') // SameSite=none can't be set unless the cookie is Secure - cookie = cookie.replace('; SameSite=none', '; SameSite=lax') + // bc seems to sometimes send back SameSite=None rather than none so make + // this case insensitive + cookie = cookie.replace(/; SameSite=none/gi, '; SameSite=lax') } response.setHeader(