MaskingTechnology · petermasking · May 19, 2026 · May 14, 2026 · May 14, 2026 · May 14, 2026
@@ -1,7 +1,7 @@
 {
   "name": "jitar-plugins",
   "private": true,
-  "version": "0.1.4",
+  "version": "0.1.5",
   "type": "module",
   "repository": {
     "url": "git+https://github.com/MaskingTechnology/jitar-plugins.git"

@@ -39,7 +39,7 @@ const authProcedures = {
     logout: 'domain/authentication/logout'
 };
 
-// The client path to return to after a succesful login
+// The client path to return to after a successful login
 const redirectPath = '/afterlogin';
 
 const whiteList: string[] = [
@@ -49,7 +49,7 @@ const whiteList: string[] = [
 export default new AuthenticationMiddleware(identityProvider, authProcedures, redirectPath, whiteList);
 ```
 
-The requester middleware operates on the client side (web browser) and provides auth informations with every request.
+The requester middleware operates on the client side (web browser) and provides auth information with every request.
 
 ```ts
 // src/middleware/requesterMiddleware.ts
@@ -63,7 +63,7 @@ const authorization = key !== undefined ? `Bearer ${key}` : undefined;
 export default new RequesterMiddleware(authorization);
 ```
 
-To make sure the client redirects to the original location after login, we also need a third middleware comming from the http package.
+To make sure the client redirects to the original location after login, we also need a third middleware coming from the http package.
 
 ```ts
 // src/middleware/originMiddleware.ts
@@ -78,7 +78,7 @@ export default new OriginMiddleware();
 With the middleware in place, the need to be activated.
 
 For the server side, this means adding the authentication middleware to the service configuration.
-This is most likily the proxy / standalone service.
+This is most likely the proxy / standalone service.
 
 ```json
 /* services/proxy.json */
@@ -151,7 +151,7 @@ export default async function login(identity: Identity): Promise<Requester>
 export default async function logout(): Promise<void>
 {
     // The authentication middleware will handle the logout.
-    // Implementent additional logic here.
+    // Implement additional logic here.
 }
 ```
 
@@ -169,7 +169,7 @@ The procedures need to be exposed publicly to make them acessible.
 
 ### Step 5 - Implement the client redirect path
 
-This path will be called after a succesful login with the session key.
+This path will be called after a successful login with the session key.
 
 ```http
 GET http://app.example.com/afterlogin?key=XXXXXX

@@ -1,7 +1,7 @@
 {
   "name": "@jitar-plugins/authentication",
   "private": false,
-  "version": "0.1.4",
+  "version": "0.1.5",
   "type": "module",
   "repository": {
     "url": "git+https://github.com/MaskingTechnology/jitar-plugins.git"

@@ -1,7 +1,7 @@
 {
   "name": "@jitar-plugins/database",
   "private": false,
-  "version": "0.1.4",
+  "version": "0.1.5",
   "type": "module",
   "repository": {
     "url": "git+https://github.com/MaskingTechnology/jitar-plugins.git"

@@ -1,7 +1,7 @@
 {
   "name": "@jitar-plugins/eventbroker",
   "private": false,
-  "version": "0.1.4",
+  "version": "0.1.5",
   "type": "module",
   "repository": {
     "url": "git+https://github.com/MaskingTechnology/jitar-plugins.git"

@@ -1,7 +1,7 @@
 {
   "name": "@jitar-plugins/filestore",
   "private": false,
-  "version": "0.1.4",
+  "version": "0.1.5",
   "type": "module",
   "repository": {
     "url": "git+https://github.com/MaskingTechnology/jitar-plugins.git"

@@ -6,9 +6,9 @@ This package provides plugins for integrating the HTTP protocol in Jitar applica
 It contains two types of middleware:
 
 * **CORS** - configures cross-origin requests.
-* **Origin** - ensures the avaiability of the origin header.
+* **Origin** - stores the origin in a cookie to ensure availability across requests.
 
-Both can be used indenpendently.
+Both can be used independently.
 
 ## Installation
 
@@ -29,7 +29,7 @@ Follow the following steps to configure and use the middleware.
 
 import { CorsMiddleware } from '@jitar-plugins/http';
 
-const origin = '*'; // allowed orgins (optional, default: *)
+const origin = '*'; // allowed origins (optional, default: *)
 const headers = '*'; // allowed headers (optional, default: *)
 
 export default new CorsMiddleware(origin, headers);
@@ -42,12 +42,18 @@ export default new CorsMiddleware(origin, headers);
 
 import { OriginMiddleware } from '@jitar-plugins/http';
 
-export default new OriginMiddleware(); // no configuration options
+const options = {
+    path: '/rpc', // the path the cookie is valid for (optional, default: '/')
+    sameSite: 'Strict' | 'Lax' | 'None', // the SameSite attribute of the cookie (optional, default: 'Strict')
+    secure: true // the Secure attribute of the cookie (optional, default: true)
+};
+
+export default new OriginMiddleware(options);
 ```
 
 ### Step 2 - Activate the middleware
 
-With the health check in place, it needs to be activated by registering it to the proxy / standalone / worker service.
+With the middleware in place, it needs to be activated by registering it to the proxy / standalone / worker service.
 
 ```json
 /* services/proxy.json */

@@ -1,7 +1,7 @@
 {
   "name": "@jitar-plugins/http",
   "private": false,
-  "version": "0.1.4",
+  "version": "0.1.5",
   "type": "module",
   "repository": {
     "url": "git+https://github.com/MaskingTechnology/jitar-plugins.git"

@@ -4,8 +4,25 @@ import { BadRequest } from 'jitar';
 
 const ORIGIN_COOKIE_NAME = 'x-client-origin';
 
+type Options = {
+    path?: string
+    sameSite?: string;
+    secure?: boolean
+}
+
 export default class OriginMiddleware implements Middleware
 {
+    #path: string;
+    #sameSite: string;
+    #secure: boolean;
+
+    constructor(options?: Options)
+    {
+        this.#path = options?.path ?? '/rpc';
+        this.#sameSite = options?.sameSite ?? 'Strict';
+        this.#secure = options?.secure ?? true;
+    }
+
     async handle(request: Request, next: NextHandler): Promise<Response>
     {
         let fromCookie = true;
@@ -78,6 +95,13 @@ export default class OriginMiddleware implements Middleware
 
     #setOriginCookie(response: Response, origin: string): void
     {
-        response.setHeader('Set-Cookie', `${ORIGIN_COOKIE_NAME}=${origin}; Path=/; HttpOnly=true; SameSite=None; Secure`);
+        let cookie = `${ORIGIN_COOKIE_NAME}=${origin}; Path=${this.#path}; HttpOnly; SameSite=${this.#sameSite}`;
+
+        if (this.#secure)
+        {
+            cookie += ' Secure';
+        }
+
+        response.setHeader('Set-Cookie', cookie);
     }
 }
@@ -1,7 +1,7 @@
 {
   "name": "@jitar-plugins/notification",
   "private": false,
-  "version": "0.1.4",
+  "version": "0.1.5",
   "type": "module",
   "repository": {
     "url": "git+https://github.com/MaskingTechnology/jitar-plugins.git"

@@ -1,15 +1,15 @@
 {
   "compilerOptions": {
+    "types": ["node"],
+    "target": "esnext",
     "module": "nodenext",
     "moduleResolution": "nodenext",
     "isolatedModules": true,
     "noEmit": false,
     "declaration": true,
-    "target": "esnext",
     "useDefineForClassFields": true,
     "allowJs": false,
     "skipLibCheck": true,
-    "esModuleInterop": false,
     "allowSyntheticDefaultImports": true,
     "strict": true,
     "forceConsistentCasingInFileNames": true