From 46ea16ef7e5c4ed2731fe7842ae22f477c42678e Mon Sep 17 00:00:00 2001
From: Steven
Date: Mon, 5 Feb 2024 22:14:58 +0800
Subject: [PATCH] chore: fix cookie attrs
---
 api/v2/auth_service.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/api/v2/auth_service.go b/api/v2/auth_service.go
index 0109d05f..25a43a4a 100644
--- a/api/v2/auth_service.go
+++ b/api/v2/auth_service.go
@@ -165,7 +165,7 @@ func (s *APIV2Service) doSignIn(ctx context.Context, user *store.User, expireTim
 cookieExpires = time.Now().AddDate(100, 0, 0)
 }
 if err := grpc.SetHeader(ctx, metadata.New(map[string]string{
- "Set-Cookie": fmt.Sprintf("%s=%s; Path=/; Expires=%s; HttpOnly; SameSite=None", auth.AccessTokenCookieName, accessToken, cookieExpires.Format(time.RFC1123)),
+ "Set-Cookie": fmt.Sprintf("%s=%s; Path=/; Expires=%s; HttpOnly; SameSite=Strict", auth.AccessTokenCookieName, accessToken, cookieExpires.Format(time.RFC1123)),
 })); err != nil {
 return status.Errorf(codes.Internal, "failed to set grpc header, error: %v", err)
 }
@@ -231,7 +231,7 @@ func (*APIV2Service) SignOut(ctx context.Context, _ *apiv2pb.SignOutRequest) (*a
 
 func clearAccessTokenCookie(ctx context.Context) error {
 if err := grpc.SetHeader(ctx, metadata.New(map[string]string{
- "Set-Cookie": fmt.Sprintf("%s=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=None", auth.AccessTokenCookieName),
+ "Set-Cookie": fmt.Sprintf("%s=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Strict", auth.AccessTokenCookieName),
 })); err != nil {
 return errors.Wrap(err, "failed to set grpc header")
 }
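Review bot: The access-token cookie written in doSignIn still has no `Secure` attribute, so the browser will attach the token to plain-HTTP requests wherever the site is reachable that way; `SameSite=Strict` limits cross-site sending but does not protect the token in transit. Consider appending `; Secure` when the deployment is served over TLS (how the scheme is known is not visible in this hunk), and keep the attribute list in clearAccessTokenCookie (second hunk) identical so the clearing cookie matches the one being replaced. Separately, `cookieExpires.Format(time.RFC1123)` prints the local zone abbreviation, while cookie dates are expected in GMT; `cookieExpires.UTC().Format(http.TimeFormat)` yields that form. The context line `time.Now().AddDate(100, 0, 0)` also gives the token cookie a 100-year lifetime, which is worth a comment stating that it is intentional. Both function bodies start and end outside the hunks shown.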