Update secure cookie setting to conditionally use HTTPS protocol in authentication flows

2025-07-28 17:29:36 +02:00 · 2024-12-29 12:38:54 -05:00 · 2024-12-29 12:38:54 -05:00 · b5ac66a1cc
commit b5ac66a1cc
parent 8716efb613
3 changed files with 3 additions and 3 deletions
--- a/frontend/src/hooks.server.ts
+++ b/frontend/src/hooks.server.ts
@ -47,7 +47,7 @@ export const authHook: Handle = async ({ event, resolve }) => {
 						path: '/',
 						httpOnly: true,
 						sameSite: 'lax',
-						secure: true,
+						secure: event.url.protocol === 'https:',
 						expires: expiryDate
 					});
 				}