Set response auth headers conditionally

2025-12-06 07:57:07 +00:00 · 2025-08-07 10:42:37 +02:00
parent 9c86018653
commit 8399782409
1 changed files with 8 additions and 2 deletions
--- a/lib/www/server/lib/jwt.js
+++ b/lib/www/server/lib/jwt.js
@@ -43,8 +43,14 @@ function issue (payload, req, res) {
 	}

 	if (res) {
-		res.set("X-JWT", token);
-		res.set("Set-Cookie", `JWT=${token}`); // For good measure
+		if (token) {
+			res.set("X-JWT", token);
+			const expiry = payload.exp ? (new Date(payload.exp*1000)).toUTCString() : null;
+			const cookie = expiry
+				? `JWT=${token}; path=/; SameSite=lax; expires=${expiry}`
+				: `JWT=${token}; path=/; SameSite=lax`
+			res.set("Set-Cookie", cookie); // For good measure
+		}
 	}

 	return token;