From 3b047462780a6c154af77ebbe9c1a3f0f6f16a1c Mon Sep 17 00:00:00 2001
From: moonrailgun
Date: Fri, 11 Jun 2021 12:48:57 +0800
Subject: [PATCH] fix: samesite problem in cors request after chrome 80
After Chrome 80, the default samesite in cookie will be set to `Lax`. And i am try to fix it. Disable SameSite policy when deploy by tls.
For more detail about Chrome 80, checkout:
- https://support.google.com/chrome/a/thread/27911174/chrome-80-release-notes-are-now-live?hl=en
- https://blog.chromium.org/2020/02/samesite-cookie-changes-in-february.html
For more detail about SameSite, checkout: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
---
 app.js | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/app.js b/app.js
index fb56df2..acd3188 100644
--- a/app.js
+++ b/app.js
@@ -21,6 +21,7 @@ exec('npm info NeteaseCloudMusicApi version', (err, stdout, stderr) => {
 })
 const app = express()
+app.set('trust proxy', true)
 // CORS & Preflight request
 app.use((req, res, next) => {
@@ -93,7 +94,21 @@ fs.readdirSync(path.join(__dirname, 'module'))
 question(query, request)
 .then((answer) => {
 console.log('[OK]', decodeURIComponent(req.originalUrl))
- res.append('Set-Cookie', answer.cookie)
+
+ const cookies = answer.cookie
+ if (Array.isArray(cookies) && cookies.length > 0) {
+ if (req.protocol === 'https') {
+ // Try to fix CORS SameSite Problem
+ res.append(
+ 'Set-Cookie',
+ cookies.map((cookie) => {
+ return cookie + '; SameSite=None; Secure'
+ }),
+ )
+ } else {
+ res.append('Set-Cookie', cookies)
+ }
+ }
 res.status(answer.status).send(answer.body)
 })
 .catch((answer) => {
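Review bot: `app.set('trust proxy', true)` makes Express accept `X-Forwarded-*` headers from any peer, so on an install that is reachable directly rather than through a reverse proxy, the client itself decides what `req.protocol`, `req.ip` and `req.hostname` report. The second hunk of this patch branches on `req.protocol`, and anything that logs or rate-limits by `req.ip` would be reading a client-supplied value. I would trust only the hops that actually exist, for example `app.set('trust proxy', 'loopback')` or a hop count such as `app.set('trust proxy', 1)`, ideally read from configuration so that non-proxied deployments keep the Express default. A one-line comment such as `// only trust X-Forwarded-* from our own reverse proxy` would record the intent.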
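Review bot: The `cookies.map(...)` branch appends `SameSite=None; Secure` to every upstream cookie, session cookies included, which opts them out of the browser's default cross-site protection; how exposed that leaves them depends on which origins the CORS middleware accepts with credentials, and that code is outside this hunk and should be checked together with this change. The switch is `req.protocol === 'https'`, which under `trust proxy` set to `true` can come from a client-sent `X-Forwarded-Proto`, so I would make the rewrite an explicit opt-in, e.g. `if (req.secure && crossSiteCookiesEnabled) {`, where `crossSiteCookiesEnabled` is a placeholder for a config flag the project would define. A cookie that already carries a SameSite attribute ends up with two, which `/;\s*samesite=/i.test(cookie) ? cookie : cookie + '; SameSite=None; Secure'` would avoid. A non-array `answer.cookie` is now dropped silently where the removed line forwarded it; if that is intended, say so in a comment such as `// upstream cookies are expected as an array; any other shape is not forwarded`. The enclosing route handler starts outside the hunk.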