Merged in fix/webview-auth-fix-2 (pull request #2834)

feat/webview: delete cookie instead of setting header in webview auth middleware

* feat/webview: delete cookie instead of setting header in webview auth middleware

apps/scandic-web/middlewares/webView.ts

@@ -51,20 +51,19 @@ export const middleware: NextMiddleware = async (request) => {
 
   // If user is redirected to /lang/webview/refresh/, the webview token is invalid and we remove the cookie
   if (refreshWebviews.includes(nextUrl.pathname)) {
-    return NextResponse.rewrite(
+    const res = NextResponse.rewrite(
       new URL(
         `/${lang}/webview/refresh?${nextUrl.searchParams.toString()}`,
         nextUrl
       ),
       {
-        headers: {
-          "Set-Cookie": `webviewToken=0; Max-Age=0; Secure; HttpOnly; Path=/; SameSite=Strict;`,
-        },
         request: {
           headers,
         },
       }
     )
+    res.cookies.delete("webviewToken")
+    return res
   }
   const authorizationToken = request.headers.get("X-Authorization")
   const webviewTokenCookie = request.cookies.get("webviewToken")