Merge pull request backstage#8852 from backstage/rugvip/auto

auth-backend: switch over to use auto secure cookies
powerhome · Jan 10, 2022 · 72b00f4 · 72b00f4
2 parents 79982b2 + 20ca7cf
commit 72b00f4
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/.changeset/slimy-eggs-carry.md b/.changeset/slimy-eggs-carry.md
@@ -0,0 +1,7 @@
+---
+'@backstage/plugin-auth-backend': patch
+---
+
+Switched the secure cookie mode set on the `express-session` to use `'auto'` rather than `true`. This works around an issue where cookies would not be set if TLS termination was handled in a proxy rather than having the backend served directly with HTTPS.
+
+The downside of this change is that secure cookies won't be used unless the backend is directly served with HTTPS. This will be remedied in a future update that allows the backend to configured for trusted proxy mode.
diff --git a/plugins/auth-backend/src/service/router.ts b/plugins/auth-backend/src/service/router.ts
@@ -74,7 +74,7 @@ export async function createRouter(
         secret,
         saveUninitialized: false,
         resave: false,
-        cookie: { secure: enforceCookieSSL },
+        cookie: { secure: enforceCookieSSL ? 'auto' : false },
       }),
     );
     router.use(passport.initialize());