From 544071f3e761bb819ef3370c18b5da4c13c5c986 Mon Sep 17 00:00:00 2001
From: cheebreezee
Date: Mon, 15 Jun 2026 07:08:35 -0700
Subject: [PATCH] fix: refactor cookie settings for Home Assistant i-frame login (#7741)
---
 frontend/app/composables/use-auth-backend.ts | 6 ++----
 frontend/app/composables/use-token-cookie.ts | 9 +++++++++
 frontend/app/plugins/axios.ts | 3 ++-
 3 files changed, 13 insertions(+), 5 deletions(-)
 create mode 100644 frontend/app/composables/use-token-cookie.ts
diff --git a/frontend/app/composables/use-auth-backend.ts b/frontend/app/composables/use-auth-backend.ts
index 5814702b2..00b80be9c 100644
--- a/frontend/app/composables/use-auth-backend.ts
+++ b/frontend/app/composables/use-auth-backend.ts
@@ -1,6 +1,7 @@
 import { ref, computed } from "vue";
 import type { UserOut } from "~/lib/api/types/user";
 import { clearAllStores } from "~/composables/store";
+import { getTokenCookieOptions } from "~/composables/use-token-cookie";
 interface AuthData {
 value: UserOut | null;
@@ -30,10 +31,7 @@ export const useAuthBackend = function (): AuthState {
 const runtimeConfig = useRuntimeConfig();
 const tokenName = runtimeConfig.public.AUTH_TOKEN;
- const tokenCookie = useCookie(tokenName, {
- maxAge: $appInfo.tokenTime * 60 * 60,
- secure: $appInfo.production && window?.location?.protocol === "https:",
- });
+ const tokenCookie = useCookie(tokenName, getTokenCookieOptions());
 function setToken(token: string | null) {
 tokenCookie.value = token;
diff --git a/frontend/app/composables/use-token-cookie.ts b/frontend/app/composables/use-token-cookie.ts
new file mode 100644
index 000000000..3e5070091
--- /dev/null
+++ b/frontend/app/composables/use-token-cookie.ts
@@ -0,0 +1,9 @@
+export function getTokenCookieOptions(): Parameters[1] {
+ const isSecureConnection = useNuxtApp().$appInfo.production && window?.location?.protocol === "https:";
+ return {
+ maxAge: useNuxtApp().$appInfo.tokenTime * 60 * 60,
+ secure: isSecureConnection,
+ sameSite: isSecureConnection ? "none" : "lax",
+ partitioned: isSecureConnection,
+ };
+}
diff --git a/frontend/app/plugins/axios.ts b/frontend/app/plugins/axios.ts
index 0531a3aca..62eb2240a 100644
--- a/frontend/app/plugins/axios.ts
+++ b/frontend/app/plugins/axios.ts
@@ -1,5 +1,6 @@
 import axios from "axios";
 import { alert } from "~/composables/use-toast";
+import { getTokenCookieOptions } from "~/composables/use-token-cookie";
 declare module "axios" {
 interface AxiosRequestConfig {
@@ -42,7 +43,7 @@ export default defineNuxtPlugin(() => {
 // If we receive a 401 Unauthorized response, clear the token cookie and redirect to login
 if (error?.response?.status === 401) {
 // If tokenCookie is not set, we may just be an unauthenticated user using the wrong API, so don't redirect
- const tokenCookie = useCookie(tokenName);
+ const tokenCookie = useCookie(tokenName, getTokenCookieOptions());
 if (tokenCookie.value) {
 tokenCookie.value = null;
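Review bot: `sameSite: isSecureConnection ? "none" : "lax"` in getTokenCookieOptions (use-token-cookie.ts) relaxes the auth token cookie to SameSite=None on every production HTTPS install, not only those embedded in a Home Assistant iframe, so top-level users lose the browser's default Lax barrier against cross-site requests. Consider scoping it to the framed case, for example `const isEmbedded = isSecureConnection && window.self !== window.top;` followed by `sameSite: isEmbedded ? "none" : "lax", partitioned: isEmbedded,`, or putting it behind an explicit opt-in setting. If the backend accepts this cookie as a credential (not visible here), state-changing endpoints need their own CSRF check and the app should restrict which origins may frame it, since a browser that does not honour `Partitioned` may treat the cookie as an ordinary third-party cookie. A short comment above the return, such as `// SameSite=None + Partitioned so the token survives inside a cross-site iframe; both need Secure`, would record why these values were chosen.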