From c147b6046cf90338b80e7425e1c08976163f98c2 Mon Sep 17 00:00:00 2001 From: Mhanif26 Date: Thu, 11 Jun 2026 14:26:23 +0700 Subject: [PATCH] fix: support session cookie on HTTP deployment --- api/lib/cookies.ts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/api/lib/cookies.ts b/api/lib/cookies.ts index ca288e2..273d1be 100644 --- a/api/lib/cookies.ts +++ b/api/lib/cookies.ts @@ -7,11 +7,13 @@ function isLocalhost(headers: Headers): boolean { export function getSessionCookieOptions(headers: Headers): CookieOptions { const localhost = isLocalhost(headers); + const protocol = headers.get("x-forwarded-proto") || ""; + const isHttps = protocol === "https"; return { httpOnly: true, path: "/", - sameSite: localhost ? "Lax" : "None", - secure: !localhost, + sameSite: (localhost || !isHttps) ? "Lax" : "None", + secure: !localhost && isHttps, }; }