root/chadebebe
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): resolve cookie authentication failure over HTTP

Browse Source 
Cookies were set with secure flag based solely on NODE_ENV, causing
401 errors when accessing over HTTP with NODE_ENV=production.

- Add COOKIE_SECURE env var for explicit control
- Auto-detect HTTPS via X-Forwarded-Proto header in production
- Extract isSecureCookie() utility to lib/auth/utils.ts
- Document COOKIE_SECURE in README and .env.example

Fixes #39
This commit is contained in:
Michael T
2026-01-23 15:26:24 -05:00
parent be49b91188
commit 30c661a364
6 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.env.example
View File

@@ -12,6 +12,11 @@ SECRET=
NODE_ENV=production
PORT=3000
# Cookie Security (Optional)
# Set to 'false' if accessing over HTTP (e.g., local LAN without HTTPS)
# When unset, auto-detects HTTPS via X-Forwarded-Proto header
# COOKIE_SECURE=false
# Timezone for logs (Optional)
TZ=America/New_York