when developing on Safari, strip HttpOnly

This might be necessary in the production/https case too. But try this first.
2025-02-03 18:06:02 -05:00 · 2021-03-30 16:23:58 -07:00 · 2021-03-30 16:23:58 -07:00 · d7f4b255bf
commit d7f4b255bf
parent 478323ec62
1 changed files with 12 additions and 1 deletions
--- a/ui/src/setupProxy.js
+++ b/ui/src/setupProxy.js
@ -21,13 +21,24 @@ module.exports = (app) => {
      // this attribute in the proxy with code from here:
      // https://github.com/chimurai/http-proxy-middleware/issues/169#issuecomment-575027907
      // See also discussion in guide/developing-ui.md.
+      //
+      // Additionally, Safari appears to (sometimes?) prevent http-only cookies
+      // (meaning cookies that Javascript shouldn't be able to access) from
+      // being passed to WebSocket requests (possibly only when not using
+      // https/wss). Also strip HttpOnly when using Safari.
+      // https://developer.apple.com/forums/thread/104488
      onProxyRes: (proxyRes, req, res) => {
        const sc = proxyRes.headers["set-cookie"];
        if (Array.isArray(sc)) {
          proxyRes.headers["set-cookie"] = sc.map((sc) => {
            return sc
              .split(";")
-              .filter((v) => v.trim().toLowerCase() !== "secure")
+              .filter(
+                (v) =>
+                  v.trim().toLowerCase() !== "secure" &&
+                  (v.trim().toLowerCase() !== "httponly" ||
+                    !req.headers["user-agent"].includes("Safari"))
+              )
              .join("; ");
          });
        }