feat: Additional httpOnly token for enhanced security in browsers

server/api/helpers/utils/set-http-only-token-cookie.js

@@ -0,0 +1,28 @@
+module.exports = {
+  sync: true,
+
+  inputs: {
+    value: {
+      type: 'string',
+      required: true,
+    },
+    accessTokenPayload: {
+      type: 'json',
+      required: true,
+    },
+    response: {
+      type: 'ref',
+      required: true,
+    },
+  },
+
+  fn(inputs) {
+    inputs.response.cookie('httpOnlyToken', inputs.value, {
+      expires: new Date(inputs.accessTokenPayload.exp * 1000),
+      path: sails.config.custom.baseUrlPath,
+      secure: sails.config.custom.baseUrlSecure,
+      httpOnly: true,
+      sameSite: 'strict',
+    });
+  },
+};