chore: npm run prepare-pr

api/docs/tough-cookie.cookiejar.setcookie.md

@@ -87,5 +87,5 @@ void
 
 - If successfully persisted, the [Cookie](./tough-cookie.cookie.md) will have updated [Cookie.creation](./tough-cookie.cookie.creation.md)<!-- -->, [Cookie.lastAccessed](./tough-cookie.cookie.lastaccessed.md) and [Cookie.hostOnly](./tough-cookie.cookie.hostonly.md) properties.
 
-- As per the RFC, the [Cookie.hostOnly](./tough-cookie.cookie.hostonly.md) flag is set if there was no `Domain={value}` atttribute on the cookie string. The [Cookie.domain](./tough-cookie.cookie.domain.md) property is set to the fully-qualified hostname of `currentUrl` in this case. Matching this cookie requires an exact hostname match (not a [domainMatch()](./tough-cookie.domainmatch.md) as per usual)
+- As per the RFC, the [Cookie.hostOnly](./tough-cookie.cookie.hostonly.md) flag is set if there was no `Domain={value}` attribute on the cookie string. The [Cookie.domain](./tough-cookie.cookie.domain.md) property is set to the fully-qualified hostname of `currentUrl` in this case. Matching this cookie requires an exact hostname match (not a [domainMatch()](./tough-cookie.domainmatch.md) as per usual)
 

api/docs/tough-cookie.cookiejar.setcookie_1.md

@@ -103,5 +103,5 @@ void
 
 - If successfully persisted, the [Cookie](./tough-cookie.cookie.md) will have updated [Cookie.creation](./tough-cookie.cookie.creation.md)<!-- -->, [Cookie.lastAccessed](./tough-cookie.cookie.lastaccessed.md) and [Cookie.hostOnly](./tough-cookie.cookie.hostonly.md) properties.
 
-- As per the RFC, the [Cookie.hostOnly](./tough-cookie.cookie.hostonly.md) flag is set if there was no `Domain={value}` atttribute on the cookie string. The [Cookie.domain](./tough-cookie.cookie.domain.md) property is set to the fully-qualified hostname of `currentUrl` in this case. Matching this cookie requires an exact hostname match (not a [domainMatch()](./tough-cookie.domainmatch.md) as per usual)
+- As per the RFC, the [Cookie.hostOnly](./tough-cookie.cookie.hostonly.md) flag is set if there was no `Domain={value}` attribute on the cookie string. The [Cookie.domain](./tough-cookie.cookie.domain.md) property is set to the fully-qualified hostname of `currentUrl` in this case. Matching this cookie requires an exact hostname match (not a [domainMatch()](./tough-cookie.domainmatch.md) as per usual)
 

api/docs/tough-cookie.cookiejar.setcookie_2.md

@@ -87,5 +87,5 @@ Promise<[Cookie](./tough-cookie.cookie.md) \| undefined>
 
 - If successfully persisted, the [Cookie](./tough-cookie.cookie.md) will have updated [Cookie.creation](./tough-cookie.cookie.creation.md)<!-- -->, [Cookie.lastAccessed](./tough-cookie.cookie.lastaccessed.md) and [Cookie.hostOnly](./tough-cookie.cookie.hostonly.md) properties.
 
-- As per the RFC, the [Cookie.hostOnly](./tough-cookie.cookie.hostonly.md) flag is set if there was no `Domain={value}` atttribute on the cookie string. The [Cookie.domain](./tough-cookie.cookie.domain.md) property is set to the fully-qualified hostname of `currentUrl` in this case. Matching this cookie requires an exact hostname match (not a [domainMatch()](./tough-cookie.domainmatch.md) as per usual)
+- As per the RFC, the [Cookie.hostOnly](./tough-cookie.cookie.hostonly.md) flag is set if there was no `Domain={value}` attribute on the cookie string. The [Cookie.domain](./tough-cookie.cookie.domain.md) property is set to the fully-qualified hostname of `currentUrl` in this case. Matching this cookie requires an exact hostname match (not a [domainMatch()](./tough-cookie.domainmatch.md) as per usual)
 

api/docs/tough-cookie.cookiejar.setcookiesync.md

@@ -89,5 +89,5 @@ _(Optional)_ Configuration settings to use when storing the cookie.
 
 - If successfully persisted, the [Cookie](./tough-cookie.cookie.md) will have updated [Cookie.creation](./tough-cookie.cookie.creation.md)<!-- -->, [Cookie.lastAccessed](./tough-cookie.cookie.lastaccessed.md) and [Cookie.hostOnly](./tough-cookie.cookie.hostonly.md) properties.
 
-- As per the RFC, the [Cookie.hostOnly](./tough-cookie.cookie.hostonly.md) flag is set if there was no `Domain={value}` atttribute on the cookie string. The [Cookie.domain](./tough-cookie.cookie.domain.md) property is set to the fully-qualified hostname of `currentUrl` in this case. Matching this cookie requires an exact hostname match (not a [domainMatch()](./tough-cookie.domainmatch.md) as per usual)
+- As per the RFC, the [Cookie.hostOnly](./tough-cookie.cookie.hostonly.md) flag is set if there was no `Domain={value}` attribute on the cookie string. The [Cookie.domain](./tough-cookie.cookie.domain.md) property is set to the fully-qualified hostname of `currentUrl` in this case. Matching this cookie requires an exact hostname match (not a [domainMatch()](./tough-cookie.domainmatch.md) as per usual)
 

api/docs/tough-cookie.getcookiesoptions.allowsecureonlocal.md

@@ -0,0 +1,22 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [tough-cookie](./tough-cookie.md) &gt; [GetCookiesOptions](./tough-cookie.getcookiesoptions.md) &gt; [allowSecureOnLocal](./tough-cookie.getcookiesoptions.allowsecureonlocal.md)
+
+## GetCookiesOptions.allowSecureOnLocal property
+
+Flag to indicate if localhost and loopback addresses with an unsecure scheme should retrieve `Secure` cookies.
+
+If `true`<!-- -->, localhost, loopback addresses or similarly local addresses are treated as secure contexts and thus will retrieve `Secure` cookies even with an unsecure scheme.
+
+If `false`<!-- -->, only secure schemes (`https` and `wss`<!-- -->) will retrieve `Secure` cookies.
+
+**Signature:**
+
+```typescript
+allowSecureOnLocal?: boolean | undefined;
+```
+
+## Remarks
+
+When set to `true`<!-- -->, the [potentially trustworthy](https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-origin) algorithm is followed to determine if a URL is considered a secure context.
+

api/docs/tough-cookie.getcookiesoptions.expire.md

@@ -14,7 +14,7 @@ expire?: boolean | undefined;
 
 ## Remarks
 
-- Using `false` returns expired cookies and does not remove them from the store which is potentially useful for replaying `Set-Cookie` headers.
+- Using `false` returns expired cookies and does not remove them from the store, which is potentially useful for replaying `Set-Cookie` headers.
 
 Defaults to `true` if not provided.
 

api/docs/tough-cookie.getcookiesoptions.md

@@ -37,6 +37,29 @@ Description
 </th></tr></thead>
 <tbody><tr><td>
 
+[allowSecureOnLocal?](./tough-cookie.getcookiesoptions.allowsecureonlocal.md)
+
+
+</td><td>
+
+
+</td><td>
+
+boolean \| undefined
+
+
+</td><td>
+
+_(Optional)_ Flag to indicate if localhost and loopback addresses with an unsecure scheme should retrieve `Secure` cookies.
+
+If `true`<!-- -->, localhost, loopback addresses or similarly local addresses are treated as secure contexts and thus will retrieve `Secure` cookies even with an unsecure scheme.
+
+If `false`<!-- -->, only secure schemes (`https` and `wss`<!-- -->) will retrieve `Secure` cookies.
+
+
+</td></tr>
+<tr><td>
+
 [allPaths?](./tough-cookie.getcookiesoptions.allpaths.md)
 
 
@@ -117,7 +140,7 @@ _(Optional)_ Set this to 'none', 'lax', or 'strict' to enforce SameSite cookies
 
 - `'none'` - This indicates a cross-origin request.
 
-- `undefined` - SameSite is not be enforced! This can be a valid use-case for when CSRF isn't in the threat model of the system being built.
+- `undefined` - SameSite is not enforced! This can be a valid use-case for when CSRF isn't in the threat model of the system being built.
 
 Defaults to `undefined` if not provided.
 

api/docs/tough-cookie.getcookiesoptions.samesitecontext.md

@@ -12,7 +12,7 @@ Set this to 'none', 'lax', or 'strict' to enforce SameSite cookies upon retrieva
 
 - `'none'` - This indicates a cross-origin request.
 
-- `undefined` - SameSite is not be enforced! This can be a valid use-case for when CSRF isn't in the threat model of the system being built.
+- `undefined` - SameSite is not enforced! This can be a valid use-case for when CSRF isn't in the threat model of the system being built.
 
 Defaults to `undefined` if not provided.
 

api/docs/tough-cookie.setcookieoptions.md

@@ -142,7 +142,7 @@ _(Optional)_ Set this to 'none', 'lax', or 'strict' to enforce SameSite cookies
 
 - `'none'` - This indicates a cross-origin request.
 
-- `undefined` - SameSite is not be enforced! This can be a valid use-case for when CSRF isn't in the threat model of the system being built.
+- `undefined` - SameSite is not enforced! This can be a valid use-case for when CSRF isn't in the threat model of the system being built.
 
 Defaults to `undefined` if not provided.
 

api/docs/tough-cookie.setcookieoptions.samesitecontext.md

@@ -12,7 +12,7 @@ Set this to 'none', 'lax', or 'strict' to enforce SameSite cookies upon storage.
 
 - `'none'` - This indicates a cross-origin request.
 
-- `undefined` - SameSite is not be enforced! This can be a valid use-case for when CSRF isn't in the threat model of the system being built.
+- `undefined` - SameSite is not enforced! This can be a valid use-case for when CSRF isn't in the threat model of the system being built.
 
 Defaults to `undefined` if not provided.
 

api/tough-cookie.api.md

@@ -168,6 +168,7 @@ export function fromJSON(str: unknown): Cookie | undefined;
 
 // @public
 export interface GetCookiesOptions {
+    allowSecureOnLocal?: boolean | undefined;
     allPaths?: boolean | undefined;
     expire?: boolean | undefined;
     http?: boolean | undefined;