refactor: Remove cookie domain attribute

Author: tjtanjin

config/env/.env.template

@@ -5,9 +5,6 @@ API_BASE_URL=http://localhost:3000
 # frontend website (for handling cors and cookie), acccepts comma-separated-values
 FRONTEND_WEBSITE_URLS=FRONTEND_WEBSITE_URL_1,FRONTEND_WEBSITE_URL_2
 
-# used to secure live environments, should allow both frontend/backend domains (do not include protocol)
-COOKIE_DOMAIN=COOKIE_DOMAIN
-
 # plugin configurations
 MAX_PLUGIN_IMAGE_FILE_SIZE=1048576 # (bytes)
 

src/api/index.ts

@@ -137,8 +137,6 @@ app.use(
       secure: process.env.NODE_ENV !== 'local',
       // in production, use "lax" as frontend and backend have the same root domain
       sameSite: process.env.NODE_ENV === 'local' ? 'none' : 'lax',
-      // if not in production, leave domain as undefined
-      domain: process.env.NODE_ENV === 'local' ? undefined : process.env.COOKIE_DOMAIN,
       // expire after 3 months (milliseconds)
       maxAge: 1000 * 60 * 60 * 24 * 30 * 3,
     },

src/api/middleware/csrfMiddleware.ts

@@ -18,8 +18,6 @@ const csrfMiddleware: RequestHandler = (req, res, next) => {
       secure: process.env.NODE_ENV !== 'local',
       // in production, use "lax" as frontend and backend have the same root domain
       sameSite: process.env.NODE_ENV === 'local' ? 'none' : 'lax',
-      // if not in production, leave domain as undefined
-      domain: process.env.NODE_ENV === 'local' ? undefined : process.env.COOKIE_DOMAIN,
     });
     return next();
   }