From d7f4b255bf4e56fce0643a6ff06612a1b23f5592 Mon Sep 17 00:00:00 2001
From: Scott Lamb <slamb@slamb.org>
Date: Tue, 30 Mar 2021 16:23:58 -0700
Subject: [PATCH] when developing on Safari, strip HttpOnly

This might be necessary in the production/https case too. But try this
first.
---
 ui/src/setupProxy.js | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/ui/src/setupProxy.js b/ui/src/setupProxy.js
index 1d92d16..5805024 100644
--- a/ui/src/setupProxy.js
+++ b/ui/src/setupProxy.js
@@ -21,13 +21,24 @@ module.exports = (app) => {
       // this attribute in the proxy with code from here:
       // https://github.com/chimurai/http-proxy-middleware/issues/169#issuecomment-575027907
       // See also discussion in guide/developing-ui.md.
+      //
+      // Additionally, Safari appears to (sometimes?) prevent http-only cookies
+      // (meaning cookies that Javascript shouldn't be able to access) from
+      // being passed to WebSocket requests (possibly only when not using
+      // https/wss). Also strip HttpOnly when using Safari.
+      // https://developer.apple.com/forums/thread/104488
       onProxyRes: (proxyRes, req, res) => {
         const sc = proxyRes.headers["set-cookie"];
         if (Array.isArray(sc)) {
           proxyRes.headers["set-cookie"] = sc.map((sc) => {
             return sc
               .split(";")
-              .filter((v) => v.trim().toLowerCase() !== "secure")
+              .filter(
+                (v) =>
+                  v.trim().toLowerCase() !== "secure" &&
+                  (v.trim().toLowerCase() !== "httponly" ||
+                    !req.headers["user-agent"].includes("Safari"))
+              )
               .join("; ");
           });
         }