From 7e2446f52e5cfcc4c5b9f5625dccccfab420500c Mon Sep 17 00:00:00 2001
From: Sebastian Rindom <skrindom@gmail.com>
Date: Mon, 7 Sep 2020 10:48:19 +0200
Subject: [PATCH] fix(medusa): secure cookies in staging

---
 packages/medusa/src/loaders/express.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/packages/medusa/src/loaders/express.js b/packages/medusa/src/loaders/express.js
index ab5a289b76..689e421ce0 100644
--- a/packages/medusa/src/loaders/express.js
+++ b/packages/medusa/src/loaders/express.js
@@ -8,6 +8,13 @@ import createStore from "connect-redis"
 import config from "../config"
 
 export default async ({ app, configModule }) => {
+  let sameSite = false
+  let secure = false
+  if (process.env.NODE_ENV === "production" || process.env.NODE_ENV === "staging") {
+    secure = true
+    sameSite = "none"
+  }
+
   const RedisStore = createStore(session)
   const redisClient = redis.createClient(configModule.projectConfig.redis_url)
 
@@ -27,8 +34,8 @@ export default async ({ app, configModule }) => {
       proxy: true,
       secret: config.cookieSecret,
       cookie: {
-        sameSite: process.env.NODE_ENV === "production" ? "none" : false,
-        secure: process.env.NODE_ENV === "production",
+        sameSite,
+        secure,
         maxAge: 10 * 60 * 60 * 1000,
       },
     })