Cookies were set with secure flag based solely on NODE_ENV, causing 401 errors when accessing over HTTP with NODE_ENV=production.

- Add COOKIE_SECURE env var for explicit control
- Auto-detect HTTPS via X-Forwarded-Proto header in production
- Extract isSecureCookie() utility to lib/auth/utils.ts
- Document COOKIE_SECURE in README and .env.example

Fixes #39
25 lines
652 B
Plaintext
# Admin Credentials (REQUIRED)
# Set a strong username and password for the admin account
ADMIN_USERNAME=admin
ADMIN_PASSWORD=changeme

# JWT Secret (Optional - auto-generated if not provided)
# For production, generate a secure random string:
# openssl rand -base64 32
SECRET=

# Application Settings (Optional)
NODE_ENV=production
PORT=3000

# Cookie Security (Optional)
# Set to 'false' if accessing over HTTP (e.g., local LAN without HTTPS)
# When unset, auto-detects HTTPS via X-Forwarded-Proto header
# COOKIE_SECURE=false

# Timezone for logs (Optional)
TZ=America/New_York

# Default currency for wishlist items (Optional)
DEFAULT_CURRENCY=USD
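
The decision order described in the commit message and the Cookie Security comments (explicit COOKIE_SECURE first, then X-Forwarded-Proto in production), as an added TypeScript sketch. It is not the project's lib/auth/utils.ts; the function signatures, the `session` cookie name, and the fallbacks (no Secure flag outside production or when the header is absent) are assumptions.

```typescript
// Added example: hypothetical sketch, not the project's own isSecureCookie().
type EnvVars = { NODE_ENV?: string; COOKIE_SECURE?: string };
type ReqHeaders = Record<string, string | string[] | undefined>;

// Return the scheme of the first hop in X-Forwarded-Proto.
// Chained proxies may append values, producing e.g. "https, http".
function forwardedProto(headers: ReqHeaders): string {
  const raw = headers["x-forwarded-proto"];
  const value = (Array.isArray(raw) ? raw[0] : raw) ?? "";
  const first = value.split(",")[0] ?? "";
  return first.trim().toLowerCase();
}

// Decide whether the Secure attribute should be set on the auth cookie.
function isSecureCookie(headers: ReqHeaders, env: EnvVars): boolean {
  // 1. An explicit COOKIE_SECURE value always wins.
  const explicit = (env.COOKIE_SECURE ?? "").trim().toLowerCase();
  if (explicit === "true") return true;
  if (explicit === "false") return false;

  // 2. Assumption: outside production, cookies are not marked Secure.
  if (env.NODE_ENV !== "production") return false;

  // 3. In production, follow what the reverse proxy reports.
  //    Assumption: a missing header means plain HTTP.
  return forwardedProto(headers) === "https";
}

// Build the Set-Cookie value; "session" is a hypothetical cookie name.
function sessionCookie(token: string, secure: boolean): string {
  const attrs = [
    `session=${encodeURIComponent(token)}`,
    "Path=/",
    "HttpOnly",
    "SameSite=Lax",
  ];
  if (secure) attrs.push("Secure");
  return attrs.join("; ");
}
```

X-Forwarded-Proto is only meaningful when a reverse proxy in front of the app sets or overwrites it; with COOKIE_SECURE=false the session cookie travels in cleartext over HTTP, so that setting fits a LAN-only deployment like the one the comment mentions.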