fix(Authentication): correctly pass custom options to clear cookie calls

Author: skyhancloud

server/src/routes/auth/@me/index.js

@@ -21,7 +21,10 @@ module.exports = {
       if (!user) return response.sendError('User not found.', 404);
 
       if (userQuarantined) {
-        response.clearCookie('token');
+        response.clearCookie('token', {
+          httpOnly: true,
+          domain: `.${new URL(config.frontendUrl).hostname}`
+        });
 
         return response.sendError('You are not allowed to login.', 403);
       }

server/src/routes/auth/logout.js

@@ -15,7 +15,10 @@ module.exports = {
     async (request, response) => {
       await User.updateOne({ id: request.user.id }, { lastLogoutAt: new Date() }).catch(() => null);
 
-      response.clearCookie('token');
+      response.clearCookie('token', {
+        httpOnly: true,
+        domain: `.${new URL(config.frontendUrl).hostname}`
+      });
 
       return response.json({ success: true });
     }

server/src/server.js

@@ -124,7 +124,10 @@ module.exports = class Server {
         } catch (error) {
           logger.error('There was an error verifying the token:', error);
 
-          response.clearCookie('token');
+          response.clearCookie('token', {
+            httpOnly: true,
+            domain: `.${new URL(config.frontendUrl).hostname}`
+          });
 
           return response.sendError('Unauthorized', 401);
         }

server/src/utils/middlewares/checkAuthentication.js

@@ -30,7 +30,10 @@ module.exports = async function checkAuthentication(request, response, next) {
 
     next();
   } catch (error) {
-    response.clearCookie('token');
+    response.clearCookie('token', {
+      httpOnly: true,
+      domain: `.${new URL(config.frontendUrl).hostname}`
+    });
 
     if (error instanceof AuthError) return response.sendError(error.message, 401);