root/chadebebe
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): resolve cookie authentication failure over HTTP

Browse Source 
Cookies were set with secure flag based solely on NODE_ENV, causing
401 errors when accessing over HTTP with NODE_ENV=production.

- Add COOKIE_SECURE env var for explicit control
- Auto-detect HTTPS via X-Forwarded-Proto header in production
- Extract isSecureCookie() utility to lib/auth/utils.ts
- Document COOKIE_SECURE in README and .env.example

Fixes #39
This commit is contained in:
Michael T
2026-01-23 15:26:24 -05:00
parent be49b91188
commit 30c661a364
6 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/auth/utils.ts
View File

@@ -128,3 +128,16 @@ export function validateAdminCredentials(username: string, password: string): bo
return username === adminUsername && password === adminPassword;
}
export function isSecureCookie(request: { headers: { get(name: string): string | null }; url: string }): boolean {
if (process.env.COOKIE_SECURE !== undefined) {
return process.env.COOKIE_SECURE === 'true';
}
if (process.env.NODE_ENV === 'production') {
return (
request.headers.get('x-forwarded-proto') === 'https' ||
request.url.startsWith('https://')
);
}
return false;
}