[PR #297] [MERGED] Fix auth cookie secure flag for HTTP in production #325

New Issue

Open

opened 2025-11-20 04:14:07 -05:00 by saavagebueno · 0 comments

saavagebueno commented 2025-11-20 04:14:07 -05:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/community-scripts/ProxmoxVE-Local/pull/297
Author: @michelroegl-brunner
Created: 11/10/2025
Status: ✅ Merged
Merged: 11/10/2025
Merged by: @michelroegl-brunner

Base: main ← Head: fix/auth

---

📝 Commits (2)

• 86056c9 Fix auth loop
• 8c27eac Fix auth cookie secure flag for HTTP in production

📊 Changes

2 files changed (+10 additions, -2 deletions)

View changed files

📝 src/app/_components/AuthProvider.tsx (+6 -1)
📝 src/app/api/auth/login/route.ts (+4 -1)

📄 Description

Problem

Authentication was failing in production mode when accessing the app over HTTP. Users would log in successfully but then be redirected back to the login page.

Root Cause

The cookie flag was set based on , which meant cookies required HTTPS even when the app was accessed over HTTP. Browsers would not set or send the cookie, causing authentication to fail.

Solution

• Changed cookie flag to check the actual request protocol () instead of
• Cookies now work correctly in both HTTP and HTTPS environments
• Maintains security by still using when actually over HTTPS

Changes

• Modified to detect request protocol
• Added delay in to ensure cookie is available before verification (already committed)

Testing

• ✅ Works in development mode (npm run dev)
• ✅ Works in production mode over HTTP (npm start)
• ✅ Maintains security for HTTPS connections

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/community-scripts/ProxmoxVE-Local/pull/297 **Author:** [@michelroegl-brunner](https://github.com/michelroegl-brunner) **Created:** 11/10/2025 **Status:** ✅ Merged **Merged:** 11/10/2025 **Merged by:** [@michelroegl-brunner](https://github.com/michelroegl-brunner) **Base:** `main` ← **Head:** `fix/auth` --- ### 📝 Commits (2) - [`86056c9`](https://github.com/community-scripts/ProxmoxVE-Local/commit/86056c984d35be07e3cf47ed4549ba9c686c843d) Fix auth loop - [`8c27eac`](https://github.com/community-scripts/ProxmoxVE-Local/commit/8c27eacff75abe08d15caad8ece13ed365653c97) Fix auth cookie secure flag for HTTP in production ### 📊 Changes **2 files changed** (+10 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `src/app/_components/AuthProvider.tsx` (+6 -1) 📝 `src/app/api/auth/login/route.ts` (+4 -1) </details> ### 📄 Description ## Problem Authentication was failing in production mode when accessing the app over HTTP. Users would log in successfully but then be redirected back to the login page. ## Root Cause The cookie flag was set based on , which meant cookies required HTTPS even when the app was accessed over HTTP. Browsers would not set or send the cookie, causing authentication to fail. ## Solution - Changed cookie flag to check the actual request protocol () instead of - Cookies now work correctly in both HTTP and HTTPS environments - Maintains security by still using when actually over HTTPS ## Changes - Modified to detect request protocol - Added delay in to ensure cookie is available before verification (already committed) ## Testing - ✅ Works in development mode (npm run dev) - ✅ Works in production mode over HTTP (npm start) - ✅ Maintains security for HTTPS connections --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

saavagebueno added the pull-request label 2025-11-20 04:14:07 -05:00

saavagebueno referenced this issue 2025-11-20 04:14:20 -05:00

[PR #325] build(deps): Bump next from 15.5.6 to 16.0.3 #354

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/npm_and_yarn/eslint-10.1.0

dependabot/npm_and_yarn/baseline-browser-mapping-2.10.12

dependabot/npm_and_yarn/prisma/client-7.6.0

dependabot/npm_and_yarn/vitest-4.1.2

dependabot/npm_and_yarn/trpc/server-11.16.0

update-version-v0.5.7

preserve_images

feature/pocketbase-migration

update-version-v0.5.6

fix/466

fix/405

fix/464

fix/312

fix/362

fix/438

fix/404

fix/365

feat/406

feat/419

feat/447

update_january_core

fix/465

fix/398

update-version-v0.5.5

MickLesk-patch-2

get_update_script

update-version-v0.5.4

fixes_update

update-version-v0.5.3

fix_db_initialization

update_footer

update_core

alert-autofix-4

update-version-v0.5.2

feat/use_new_core_features

feat/core_bump

fix/source-calls-path-resolution

update-version-v0.5.1

feat/clone_lxc_vm

fix/352

fix/357_356

update-version-v0.5.0

bugfixing_bumps

fix/vm_detection

fix/some_small_thnigs

fix/update_script

node24_securityfix

update-version-v0.4.13

MickLesk-patch-1

update-version-v0.4.12

bump_pve91

feat/lxc_backups

fix/320

localization

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.13

v0.4.12

v0.4.11

v0.4.10.3

v0.4.10.2

v0.4.10.1

v0.4.10

v0.4.9

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.0

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.1

v0.1.0

Labels

Clear labels

bug

enhancement

enhancement

feature

in progress

pull-request

Mirrored from GitHub Pull Request

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

saavagebueno

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: SVI/ProxmoxVE-Local#325