From c13a7c16aa209a22f5db4eb55edcc0ef04b6d67d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Chopin?=
Date: Wed, 5 Feb 2025 12:43:46 +0100
Subject: [PATCH] chore: add security layer
---
 src/runtime/server/lib/atproto/bluesky.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/runtime/server/lib/atproto/bluesky.ts b/src/runtime/server/lib/atproto/bluesky.ts
index 0b5495f..2125081 100644
--- a/src/runtime/server/lib/atproto/bluesky.ts
+++ b/src/runtime/server/lib/atproto/bluesky.ts
@@ -122,7 +122,12 @@ export class StateStore implements NodeSavedStateStore {
 }
 async set(key: string, val: NodeSavedState) {
- setCookie(this.event, this.stateKey, btoa(JSON.stringify(val)))
+ setCookie(this.event, this.stateKey, btoa(JSON.stringify(val)), {
+ path: '/',
+ httpOnly: true,
+ secure: true,
+ sameSite: 'lax',
+ })
 }
 async del() {
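Review bot: The value written in `set` is still only `btoa(JSON.stringify(val))`, so the new flags restrict where the cookie travels and hide it from page scripts, but the saved OAuth state stays readable and editable on the client; base64 is an encoding, not confidentiality or integrity. If `NodeSavedState` carries the PKCE verifier and DPoP key material (presumably, as in the atproto client library; confirm against its type), consider sealing the value or keeping it server-side under an opaque id stored in the cookie. The cookie also has no lifetime, so a short `maxAge: 60 * 10,` (constructed value; match it to the authorization timeout) would bound how long a stale state lingers if `del` is never reached. Hard-coding `secure: true` may cause some browsers to drop the cookie on plain-HTTP development hosts, so deriving it from the environment, e.g. `secure: !import.meta.dev,`, would keep local sign-in working. `set` is fully visible here, but the enclosing `StateStore` class begins and ends outside the hunk.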