fix(nextjs): Set keyless cookie on Safari (#5696)

panteliselef · web-flow · commit 5f0befedc2db · 2025-04-23T17:29:35.000+03:00
diff --git a/.changeset/thick-beers-wave.md b/.changeset/thick-beers-wave.md
@@ -0,0 +1,5 @@
+---
+'@clerk/nextjs': patch
+---
+
+Resolved an issue with Keyless on Safari where users appeared to be signed out immediately after a successful sign-in.
diff --git a/packages/nextjs/src/app-router/keyless-actions.ts b/packages/nextjs/src/app-router/keyless-actions.ts
@@ -8,6 +8,14 @@ import { detectClerkMiddleware } from '../server/headers-utils';
 import { getKeylessCookieName, getKeylessCookieValue } from '../server/keyless';
 import { canUseKeyless } from '../utils/feature-flags';
 
+type SetCookieOptions = Parameters<Awaited<ReturnType<typeof cookies>>['set']>[2];
+
+const keylessCookieConfig = {
+  secure: false,
+  httpOnly: false,
+  sameSite: 'lax',
+} satisfies SetCookieOptions;
+
 export async function syncKeylessConfigAction(args: AccountlessApplication & { returnUrl: string }): Promise<void> {
   const { claimUrl, publishableKey, secretKey, returnUrl } = args;
   const cookieStore = await cookies();
@@ -22,10 +30,11 @@ export async function syncKeylessConfigAction(args: AccountlessApplication & { r
   }
 
   // Set the new keys in the cookie.
-  cookieStore.set(await getKeylessCookieName(), JSON.stringify({ claimUrl, publishableKey, secretKey }), {
-    secure: true,
-    httpOnly: true,
-  });
+  cookieStore.set(
+    await getKeylessCookieName(),
+    JSON.stringify({ claimUrl, publishableKey, secretKey }),
+    keylessCookieConfig,
+  );
 
   // We cannot import `NextRequest` due to a bundling issue with server actions in Next.js 13.
   // @ts-expect-error Request will work as well
@@ -63,11 +72,11 @@ export async function createOrReadKeylessAction(): Promise<null | Omit<Accountle
   });
 
   const { claimUrl, publishableKey, secretKey, apiKeysUrl } = result;
-
-  void (await cookies()).set(await getKeylessCookieName(), JSON.stringify({ claimUrl, publishableKey, secretKey }), {
-    secure: false,
-    httpOnly: false,
-  });
+  void (await cookies()).set(
+    await getKeylessCookieName(),
+    JSON.stringify({ claimUrl, publishableKey, secretKey }),
+    keylessCookieConfig,
+  );
 
   return {
     claimUrl,

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +'@clerk/nextjs': patch
 +---
++
 +Resolved an issue with Keyless on Safari where users appeared to be signed out immediately after a successful sign-in.