From 873ca55efac43ff2f389e8c48dc10168f377b0e8 Mon Sep 17 00:00:00 2001 From: lucianholt97 Date: Wed, 19 Aug 2020 14:21:19 +0200 Subject: [PATCH 1/9] Update utils-common.js change locale cookie options sameSite to none allow setting cookie in iFrame integration --- src/templates/utils-common.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/templates/utils-common.js b/src/templates/utils-common.js index 64e2469a1..27ba97c74 100644 --- a/src/templates/utils-common.js +++ b/src/templates/utils-common.js @@ -180,7 +180,7 @@ export const setLocaleCookie = (locale, res, { useCookie, cookieDomain, cookieKe const cookieOptions = { expires: new Date(date.setDate(date.getDate() + 365)), path: '/', - sameSite: 'lax' + sameSite: 'none' } if (cookieDomain) { From 7bcae0dd2f6be22b6bb5bdef563eb8298a276188 Mon Sep 17 00:00:00 2001 From: lucianholt97 Date: Thu, 20 Aug 2020 09:14:59 +0200 Subject: [PATCH 2/9] Update utils-common.js add secure option to cookie --- src/templates/utils-common.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/templates/utils-common.js b/src/templates/utils-common.js index 27ba97c74..f38310347 100644 --- a/src/templates/utils-common.js +++ b/src/templates/utils-common.js @@ -180,7 +180,8 @@ export const setLocaleCookie = (locale, res, { useCookie, cookieDomain, cookieKe const cookieOptions = { expires: new Date(date.setDate(date.getDate() + 365)), path: '/', - sameSite: 'none' + sameSite: 'none', + secure: true } if (cookieDomain) { From b2198843f0b763bb11d243adaf947943854bae68 Mon Sep 17 00:00:00 2001 From: lucianholt97 Date: Thu, 20 Aug 2020 11:30:48 +0200 Subject: [PATCH 3/9] Update utils-common.js add option crossOriginCookie to enable sameSite: none and secure: true cookie settings --- src/templates/utils-common.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/templates/utils-common.js b/src/templates/utils-common.js index f38310347..af1cb98e3 100644 --- a/src/templates/utils-common.js +++ b/src/templates/utils-common.js @@ -170,9 +170,9 @@ export const getLocaleCookie = (req, { useCookie, cookieKey, localeCodes }) => { /** * @param {string} locale * @param {object} [res] - * @param {{ useCookie: boolean, cookieDomain: string, cookieKey: string}} options + * @param {{ useCookie: boolean, cookieDomain: string, cookieKey: string, crossOriginCookie: boolean}} options */ -export const setLocaleCookie = (locale, res, { useCookie, cookieDomain, cookieKey }) => { +export const setLocaleCookie = (locale, res, { useCookie, cookieDomain, cookieKey, crossOriginCookie }) => { if (!useCookie) { return } @@ -180,8 +180,8 @@ export const setLocaleCookie = (locale, res, { useCookie, cookieDomain, cookieKe const cookieOptions = { expires: new Date(date.setDate(date.getDate() + 365)), path: '/', - sameSite: 'none', - secure: true + sameSite: crossOriginCookie ? 'none' : 'lax', + secure: !!crossOriginCookie } if (cookieDomain) { From b07742bfa1411facb9cc39c9e8af9a3c9282dadd Mon Sep 17 00:00:00 2001 From: lucianholt97 Date: Thu, 20 Aug 2020 11:35:54 +0200 Subject: [PATCH 4/9] Update plugin.main.js pass crossOriginCookie to setLocaleCookie --- src/templates/plugin.main.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/templates/plugin.main.js b/src/templates/plugin.main.js index 2551bcf71..197d043f2 100644 --- a/src/templates/plugin.main.js +++ b/src/templates/plugin.main.js @@ -62,7 +62,7 @@ export default async (context) => { }) } - const { useCookie, cookieKey, cookieDomain } = detectBrowserLanguage + const { useCookie, cookieKey, cookieDomain, crossOriginCookie } = detectBrowserLanguage const loadAndSetLocale = async (newLocale, { initialSetup = false } = {}) => { // Abort if different domains option enabled @@ -213,7 +213,7 @@ export default async (context) => { i18n.differentDomains = differentDomains i18n.beforeLanguageSwitch = beforeLanguageSwitch i18n.onLanguageSwitched = onLanguageSwitched - i18n.setLocaleCookie = locale => setLocaleCookie(locale, res, { useCookie, cookieDomain, cookieKey }) + i18n.setLocaleCookie = locale => setLocaleCookie(locale, res, { useCookie, cookieDomain, cookieKey, crossOriginCookie }) i18n.getLocaleCookie = () => getLocaleCookie(req, { useCookie, cookieKey, localeCodes }) i18n.setLocale = (locale) => loadAndSetLocale(locale) i18n.__baseUrl = app.i18n.__baseUrl From 2ed54ce40bd4c8970a75407e5f438991e5ebc857 Mon Sep 17 00:00:00 2001 From: lucianholt97 Date: Thu, 20 Aug 2020 11:36:56 +0200 Subject: [PATCH 5/9] Update constants.js add default for crossOriginCookie --- src/helpers/constants.js | 1 + 1 file changed, 1 insertion(+) diff --git a/src/helpers/constants.js b/src/helpers/constants.js index 07e4c7c54..20f7040a2 100644 --- a/src/helpers/constants.js +++ b/src/helpers/constants.js @@ -32,6 +32,7 @@ exports.DEFAULT_OPTIONS = { rootRedirect: null, detectBrowserLanguage: { useCookie: true, + crossOriginCookie: false, cookieDomain: null, cookieKey: 'i18n_redirected', alwaysRedirect: false, From 6920c3a7fe8e81ef4cae583dc27b8493cc57541d Mon Sep 17 00:00:00 2001 From: lucianholt97 Date: Thu, 20 Aug 2020 11:37:59 +0200 Subject: [PATCH 6/9] Update nuxt-i18n.d.ts add crossOriginCookie to type definition --- types/nuxt-i18n.d.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/types/nuxt-i18n.d.ts b/types/nuxt-i18n.d.ts index 33e74b7c2..a2fcca68b 100644 --- a/types/nuxt-i18n.d.ts +++ b/types/nuxt-i18n.d.ts @@ -29,6 +29,7 @@ declare namespace NuxtVueI18n { interface DetectBrowserLanguageInterface { useCookie?: boolean + crossOriginCookie?: boolean cookieDomain?: string | null cookieKey?: string alwaysRedirect?: boolean From 7df3aa11f85cc6fa12feccfee3021c092bc15df7 Mon Sep 17 00:00:00 2001 From: lucianholt97 Date: Thu, 20 Aug 2020 11:42:53 +0200 Subject: [PATCH 7/9] Update browser-language-detection.md add crossOriginCookie to docs --- docs/browser-language-detection.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/docs/browser-language-detection.md b/docs/browser-language-detection.md index 84bb63f20..9c6071bf0 100644 --- a/docs/browser-language-detection.md +++ b/docs/browser-language-detection.md @@ -69,3 +69,17 @@ To redirect the user every time they visit the app and keep their selected choic } }] ``` + +To use the cookie within a cross-origin environment (e.g. in an iFrame), you can set `crossOriginCookie: true`. This will change the cookie settings from `SameSite=Lax` to `SameSite=None; Secure`. + +```js +// nuxt.config.js + +['nuxt-i18n', { + // ... + detectBrowserLanguage: { + useCookie: true, + crossOriginCookie: true + } +}] +``` From b010c5e51581c80da258dfa9611935b7068e0236 Mon Sep 17 00:00:00 2001 From: lucianholt97 Date: Sun, 23 Aug 2020 12:48:06 +0200 Subject: [PATCH 8/9] Update utils-common.js remove bool casting --- src/templates/utils-common.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/templates/utils-common.js b/src/templates/utils-common.js index af1cb98e3..bcb1c1bf0 100644 --- a/src/templates/utils-common.js +++ b/src/templates/utils-common.js @@ -181,7 +181,7 @@ export const setLocaleCookie = (locale, res, { useCookie, cookieDomain, cookieKe expires: new Date(date.setDate(date.getDate() + 365)), path: '/', sameSite: crossOriginCookie ? 'none' : 'lax', - secure: !!crossOriginCookie + secure: crossOriginCookie } if (cookieDomain) { From 08656e0dffc90ebdf4331f30785b0fa02dbbf8af Mon Sep 17 00:00:00 2001 From: lucianholt97 Date: Sun, 23 Aug 2020 12:51:08 +0200 Subject: [PATCH 9/9] Update browser-language-detection.md update es docs for browser language detection --- docs/es/browser-language-detection.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/es/browser-language-detection.md b/docs/es/browser-language-detection.md index 65a534df4..022a9f860 100644 --- a/docs/es/browser-language-detection.md +++ b/docs/es/browser-language-detection.md @@ -61,3 +61,16 @@ Para redirigir al usuario cada vez que visita la aplicaciĆ³n y mantener su elecc } }] ``` + +To use the cookie within a cross-origin environment (e.g. in an iFrame), you can set `crossOriginCookie: true`. This will change the cookie settings from `SameSite=Lax` to `SameSite=None; Secure`. + +```js +// nuxt.config.js +['nuxt-i18n', { + // ... + detectBrowserLanguage: { + useCookie: true, + crossOriginCookie: true + } +}] +```