saavagebueno/ProxmoxVE-Local
1
0
Fork 0
mirror of https://github.com/community-scripts/ProxmoxVE-Local.git synced 2026-04-05 08:54:02 -04:00
Code Issues 78 Packages Projects Releases 7 Wiki Activity

Fix auth cookie secure flag for HTTP in production

Browse Source 
- Changed cookie secure flag to check actual request protocol instead of NODE_ENV
- Cookies now work correctly in production when accessing over HTTP
- Fixes authentication redirect issue in production mode
This commit is contained in:
Michel Roegl-Brunner
2025-11-10 12:05:47 +01:00
parent 86056c984d
commit 8c27eacff7
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/app/api/auth/login/route.ts
View File

@@ -47,10 +47,13 @@ export async function POST(request: NextRequest) {
username username
}); });
// Determine if request is over HTTPS
const isSecure = request.url.startsWith('https://');
// Set httpOnly cookie with configured duration // Set httpOnly cookie with configured duration
response.cookies.set('auth-token', token, { response.cookies.set('auth-token', token, {
httpOnly: true, httpOnly: true,
secure: process.env.NODE_ENV === 'production', secure: isSecure, // Only secure if actually over HTTPS
sameSite: 'strict', sameSite: 'strict',
maxAge: sessionDurationDays * 24 * 60 * 60, // Use configured duration maxAge: sessionDurationDays * 24 * 60 * 60, // Use configured duration
path: '/', path: '/',