fix: support session cookie on HTTP deployment

This commit is contained in:
2026-06-11 14:26:23 +07:00
parent 908a3e46ae
commit c147b6046c
+4 -2
View File
@@ -7,11 +7,13 @@ function isLocalhost(headers: Headers): boolean {
export function getSessionCookieOptions(headers: Headers): CookieOptions {
const localhost = isLocalhost(headers);
const protocol = headers.get("x-forwarded-proto") || "";
const isHttps = protocol === "https";
return {
httpOnly: true,
path: "/",
sameSite: localhost ? "Lax" : "None",
secure: !localhost,
sameSite: (localhost || !isHttps) ? "Lax" : "None",
secure: !localhost && isHttps,
};
}