Michael T 30c661a364 fix(auth): resolve cookie authentication failure over HTTP ...

Cookies were set with secure flag based solely on NODE_ENV, causing
401 errors when accessing over HTTP with NODE_ENV=production.

- Add COOKIE_SECURE env var for explicit control
- Auto-detect HTTPS via X-Forwarded-Proto header in production
- Extract isSecureCookie() utility to lib/auth/utils.ts
- Document COOKIE_SECURE in README and .env.example

Fixes #39

2026-01-23 15:26:24 -05:00

1.5 KiB

Raw Blame History

View Raw