Fix auth cookie secure flag for HTTP in production

- Changed cookie secure flag to check actual request protocol instead of NODE_ENV
- Cookies now work correctly in production when the site is accessed over HTTP
- Fixes authentication redirect issue in production mode
This commit is contained in:
Michel Roegl-Brunner
2025-11-10 12:05:47 +01:00
parent 86056c984d
commit 8c27eacff7


@@ -47,10 +47,13 @@ export async function POST(request: NextRequest) {
username
});
// Determine if request is over HTTPS
const isSecure = request.url.startsWith('https://');
// Set httpOnly cookie with configured duration
response.cookies.set('auth-token', token, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
secure: isSecure, // Only secure if actually over HTTPS
sameSite: 'strict',
maxAge: sessionDurationDays * 24 * 60 * 60, // Use configured duration
path: '/',