From b09894a8c34643c189f37459b3d76ba6b733f725 Mon Sep 17 00:00:00 2001
From: Felix Mosheev <9304194+felixmosh@users.noreply.github.com>
Date: Thu, 30 Nov 2023 10:14:07 +0200
Subject: [PATCH] feat: allow to override cookie's httpOnly flag
---
 src/index.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/index.ts b/src/index.ts
index 4f41d14..0bdcc15 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -83,7 +83,7 @@ export function doubleCsrf({
 sameSite = "lax",
 path = "/",
 secure = true,
- ...remainingCOokieOptions
+ ...remainingCookieOptions
 } = {},
 size = 64,
 ignoredMethods = ["GET", "HEAD", "OPTIONS"],
@@ -94,7 +94,7 @@ export function doubleCsrf({
 sameSite,
 path,
 secure,
- ...remainingCOokieOptions,
+ ...remainingCookieOptions,
 };
 const invalidCsrfTokenError = createHttpError(403, "invalid csrf token", {
@@ -156,11 +156,11 @@ export function doubleCsrf({
 validateOnReuse
 );
 const cookieContent = `${csrfToken}|${csrfTokenHash}`;
- res.cookie(cookieName, cookieContent, { ...cookieOptions, httpOnly: true });
+ res.cookie(cookieName, cookieContent, { httpOnly: true, ...cookieOptions });
 return csrfToken;
 };
- const getCsrfCookieFromRequest = remainingCOokieOptions.signed
+ const getCsrfCookieFromRequest = remainingCookieOptions.signed
 ? (req: Request) => req.signedCookies[cookieName] as string
 : (req: Request) => req.cookies[cookieName] as string;
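Review bot: In the third hunk, `{ httpOnly: true, ...cookieOptions }` lets a caller-supplied `httpOnly: undefined` (for example an unset config value passed straight through) overwrite the default, because object spread copies own properties even when their value is undefined. If `res.cookie` treats a falsy `httpOnly` as off, which is the usual behaviour but is not visible here, the cookie is then issued without HttpOnly although nobody asked for that. Defaulting the flag where `secure = true` is defaulted avoids this: add `httpOnly = true,` to the destructuring pattern in the first hunk and `httpOnly,` to the `cookieOptions` literal in the second, then call `res.cookie(cookieName, cookieContent, cookieOptions);` so that only an explicit `false` disables it. A short comment at that default should also state that with `httpOnly: false` the cookie value `${csrfToken}|${csrfTokenHash}` becomes readable by page script. The body of `doubleCsrf` starts and ends outside these hunks, so this assumes `cookieOptions` is not modified elsewhere.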