From ae8e5d4ef670580eaaffc8783790687fc8b9782f Mon Sep 17 00:00:00 2001
From: "D. Berge"
Date: Sat, 9 Aug 2025 12:43:17 +0200
Subject: [PATCH] Do not use cookies for backend authentication

---
 lib/www/server/api/middleware/auth/jwt.js | 2 --
 lib/www/server/api/middleware/user/login.js | 1 -
 lib/www/server/api/middleware/user/logout.js | 1 -
 3 files changed, 4 deletions(-)

diff --git a/lib/www/server/api/middleware/auth/jwt.js b/lib/www/server/api/middleware/auth/jwt.js
index 7fd9b40..438e81d 100644
--- a/lib/www/server/api/middleware/auth/jwt.js
+++ b/lib/www/server/api/middleware/auth/jwt.js
@@ -5,8 +5,6 @@ const cfg = require("../../../lib/config").jwt;
 const getToken = function (req) {
   if (req.headers.authorization && req.headers.authorization.split(' ')[0] == 'Bearer') {
     return req.headers.authorization.split(' ')[1];
-  } else if (req.cookies.JWT) {
-    return req.cookies.JWT;
   }
   return null;
 }
diff --git a/lib/www/server/api/middleware/user/login.js b/lib/www/server/api/middleware/user/login.js
index e3aaacf..3f10f95 100644
--- a/lib/www/server/api/middleware/user/login.js
+++ b/lib/www/server/api/middleware/user/login.js
@@ -8,7 +8,6 @@ async function login (req, res, next) {
   if (payload) {
     const token = jwt.issue(payload, req, res);
     res.set("X-JWT", token);
-    res.set("Set-Cookie", `JWT=${token}`); // For good measure
     res.status(200).send({token});
     next();
     return;
diff --git a/lib/www/server/api/middleware/user/logout.js b/lib/www/server/api/middleware/user/logout.js
index 9cacc90..23d6393 100644
--- a/lib/www/server/api/middleware/user/logout.js
+++ b/lib/www/server/api/middleware/user/logout.js
@@ -1,6 +1,5 @@
 async function logout (req, res, next) {
-  res.clearCookie("JWT");
   res.status(204).send();
   next();
 }