From 526402fd73407ee4fa2d31092111a7e6a1741487 Mon Sep 17 00:00:00 2001
From: Saad Jutt <ihsan.distranger@gmail.com>
Date: Wed, 20 Jul 2022 01:40:31 +0500
Subject: [PATCH] fix(security): missing cookie flags are added

---
 api/src/routes/web/web.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/api/src/routes/web/web.ts b/api/src/routes/web/web.ts
index 0cd9283..3f76fcb 100644
--- a/api/src/routes/web/web.ts
+++ b/api/src/routes/web/web.ts
@@ -1,4 +1,5 @@
 import express from 'express'
+import { cookieOptions } from '../../app'
 import { WebController } from '../../controllers/web'
 import { authenticateAccessToken, desktopRestrict } from '../../middlewares'
 import { authorizeValidation, loginWebValidation } from '../../utils'
@@ -13,7 +14,7 @@ webRouter.get('/', async (req, res) => {
   } catch (_) {
     response = 'Web Build is not present'
   } finally {
-    res.cookie('XSRF-TOKEN', req.csrfToken())
+    res.cookie('XSRF-TOKEN', req.csrfToken(), cookieOptions)
 
     return res.send(response)
   }