[PR #297] Fix auth cookie secure flag for HTTP in production #329

New Issue

saavagebueno · 2025-11-20T04:14:07-05:00

saavagebueno commented

2025-11-20 04:14:07 -05:00

Original Pull Request: https://github.com/community-scripts/ProxmoxVE-Local/pull/297

State: closed
Merged: Yes

Problem

Authentication was failing in production mode when accessing the app over HTTP. Users would log in successfully but then be redirected back to the login page.

Root Cause

The cookie flag was set based on , which meant cookies required HTTPS even when the app was accessed over HTTP. Browsers would not set or send the cookie, causing authentication to fail.

Solution

Changed cookie flag to check the actual request protocol () instead of
Cookies now work correctly in both HTTP and HTTPS environments
Maintains security by still using when actually over HTTPS

Changes

Modified to detect request protocol
Added delay in to ensure cookie is available before verification (already committed)

Testing

✅ Works in development mode (npm run dev)
✅ Works in production mode over HTTP (npm start)
✅ Maintains security for HTTPS connections

**Original Pull Request:** https://github.com/community-scripts/ProxmoxVE-Local/pull/297 **State:** closed **Merged:** Yes --- ## Problem Authentication was failing in production mode when accessing the app over HTTP. Users would log in successfully but then be redirected back to the login page. ## Root Cause The cookie flag was set based on , which meant cookies required HTTPS even when the app was accessed over HTTP. Browsers would not set or send the cookie, causing authentication to fail. ## Solution - Changed cookie flag to check the actual request protocol () instead of - Cookies now work correctly in both HTTP and HTTPS environments - Maintains security by still using when actually over HTTPS ## Changes - Modified to detect request protocol - Added delay in to ensure cookie is available before verification (already committed) ## Testing - ✅ Works in development mode (npm run dev) - ✅ Works in production mode over HTTP (npm start) - ✅ Maintains security for HTTPS connections

saavagebueno added the pull-request label 2025-11-20 04:14:07 -05:00

saavagebueno closed this issue

2025-11-20 04:14:07 -05:00

saavagebueno referenced this issue

2025-11-20 04:14:22 -05:00

[PR #329] [MERGED] build(deps-dev): Bump eslint from 9.38.0 to 9.39.1 #362

Sign in to join this conversation.

Branches Tags

main

dependabot/npm_and_yarn/eslint-10.1.0

dependabot/npm_and_yarn/baseline-browser-mapping-2.10.12

dependabot/npm_and_yarn/prisma/client-7.6.0

dependabot/npm_and_yarn/vitest-4.1.2

dependabot/npm_and_yarn/trpc/server-11.16.0

update-version-v0.5.7

preserve_images

feature/pocketbase-migration

update-version-v0.5.6

fix/466

fix/405

fix/464

fix/312

fix/362

fix/438

fix/404

fix/365

feat/406

feat/419

feat/447

update_january_core

fix/465

fix/398

update-version-v0.5.5

MickLesk-patch-2

get_update_script

update-version-v0.5.4

fixes_update

update-version-v0.5.3

fix_db_initialization

update_footer

update_core

alert-autofix-4

update-version-v0.5.2

feat/use_new_core_features

feat/core_bump

fix/source-calls-path-resolution

update-version-v0.5.1

feat/clone_lxc_vm

fix/352

fix/357_356

update-version-v0.5.0

bugfixing_bumps

fix/vm_detection

fix/some_small_thnigs

fix/update_script

node24_securityfix

update-version-v0.4.13

MickLesk-patch-1

update-version-v0.4.12

bump_pve91

feat/lxc_backups

fix/320

localization

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: SVI/ProxmoxVE-Local#329