From b5ac66a1ccd864c075b1bab6200cc01006f7d68d Mon Sep 17 00:00:00 2001
From: Sean Morley
Date: Sun, 29 Dec 2024 12:38:54 -0500
Subject: [PATCH] Update secure cookie setting to conditionally use HTTPS protocol in authentication flows

---
 frontend/src/hooks.server.ts | 2 +-
 frontend/src/routes/login/+page.server.ts | 2 +-
 frontend/src/routes/signup/+page.server.ts | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/frontend/src/hooks.server.ts b/frontend/src/hooks.server.ts
index 98830a8..679a59d 100644
--- a/frontend/src/hooks.server.ts
+++ b/frontend/src/hooks.server.ts
@@ -47,7 +47,7 @@ export const authHook: Handle = async ({ event, resolve }) => {
 path: '/',
 httpOnly: true,
 sameSite: 'lax',
- secure: true,
+ secure: event.url.protocol === 'https:',
 expires: expiryDate
 });
 }
diff --git a/frontend/src/routes/login/+page.server.ts b/frontend/src/routes/login/+page.server.ts
index 1b50518..adb0905 100644
--- a/frontend/src/routes/login/+page.server.ts
+++ b/frontend/src/routes/login/+page.server.ts
@@ -106,7 +106,7 @@ function handleSuccessfulLogin(event: RequestEvent, respo
 path: '/',
 httpOnly: true,
 sameSite: 'lax',
- secure: true,
+ secure: event.url.protocol === 'https:',
 expires: new Date(expiryString)
 });
 }
diff --git a/frontend/src/routes/signup/+page.server.ts b/frontend/src/routes/signup/+page.server.ts
index 4a1d857..813b471 100644
--- a/frontend/src/routes/signup/+page.server.ts
+++ b/frontend/src/routes/signup/+page.server.ts
@@ -93,7 +93,7 @@ export const actions: Actions = {
 path: '/',
 httpOnly: true,
 sameSite: 'lax',
- secure: true,
+ secure: event.url.protocol === 'https:',
 expires: expiryDate
 });
 }
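Review bot: The `secure` option in authHook's cookie settings now follows `event.url.protocol`, so any request the server sees as `http:` gets what appears to be the session cookie without the Secure attribute. The same expression is repeated in handleSuccessfulLogin (login/+page.server.ts) and in the signup action. Behind a reverse proxy that terminates TLS, `event.url` may report `http:` even though the browser connected over HTTPS, depending on how the public origin is configured, which would drop Secure in production without any visible failure. Consider one shared helper, e.g. `export const isSecureRequest = (url: URL): boolean => url.protocol === 'https:';`, carrying the comment `// Secure is omitted only for plain-HTTP deployments; behind a TLS-terminating proxy the public origin must be configured as https`, so the three call sites cannot drift apart. All three enclosing functions start and end outside their hunks, so the cookie name and the surrounding call are not visible here.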