From 20f8f79803f37334e77f90474ea516b3bc56ce9b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20Buri?=
Date: Sat, 4 Jan 2025 18:14:58 +0100
Subject: [PATCH] fix: make id_token,access_token accessible by JS
---
 functions/lambda_at_edge/auth_check.tpl.py | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/functions/lambda_at_edge/auth_check.tpl.py b/functions/lambda_at_edge/auth_check.tpl.py
index 6293ba1..1b0d963 100644
--- a/functions/lambda_at_edge/auth_check.tpl.py
+++ b/functions/lambda_at_edge/auth_check.tpl.py
@@ -272,11 +272,24 @@ def format_cookie_date(timestamp):
 """Convert Unix timestamp to cookie-compatible date format"""
 return formatdate(timestamp, usegmt=True)
 
-def create_cookie_header(name, value, expiration=None, path="/"):
- """Create a cookie header with security attributes and expiration"""
- cookie = f"{name}={value}; Secure; HttpOnly; SameSite=Lax; Path={path}"
+def create_cookie_header(name, value, expiration=None, path="/", http_only=False):
+ """Create a cookie header with security attributes and expiration
+
+ Args:
+ name: Cookie name
+ value: Cookie value
+ expiration: Optional expiration datetime
+ path: Cookie path (default: "/")
+ http_only: Whether cookie should be HttpOnly (default: False)
+ """
+ cookie = f"{name}={value}; Secure; SameSite=Lax; Path={path}"
+
+ if http_only:
+ cookie += "; HttpOnly"
+
 if expiration:
 cookie += f"; Expires={format_cookie_date(expiration)}"
+
 return cookie
 
 # Update the handler function's protected path check
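Review bot: The new `http_only=False` default on `create_cookie_header` strips HttpOnly from every cookie whose caller does not pass the argument, not only from id_token and access_token as the subject line says; the call sites are outside this hunk, so check whether a refresh-token or session cookie goes through this helper. Keep the safe default and opt out where script access is intended: `def create_cookie_header(name, value, expiration=None, path="/", http_only=True):`, with `http_only=False` passed only for the two token cookies and the docstring default updated to match. Tokens readable from `document.cookie` are exposed to any script running in the page, so this change is worth pairing with a strict Content-Security-Policy and short token lifetimes. The docstring also calls `expiration` a datetime, while `format_cookie_date` above documents a Unix timestamp.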