fix: support session cookie on HTTP deployment
This commit is contained in:
+4
-2
@@ -7,11 +7,13 @@ function isLocalhost(headers: Headers): boolean {
|
|||||||
|
|
||||||
export function getSessionCookieOptions(headers: Headers): CookieOptions {
|
export function getSessionCookieOptions(headers: Headers): CookieOptions {
|
||||||
const localhost = isLocalhost(headers);
|
const localhost = isLocalhost(headers);
|
||||||
|
const protocol = headers.get("x-forwarded-proto") || "";
|
||||||
|
const isHttps = protocol === "https";
|
||||||
|
|
||||||
return {
|
return {
|
||||||
httpOnly: true,
|
httpOnly: true,
|
||||||
path: "/",
|
path: "/",
|
||||||
sameSite: localhost ? "Lax" : "None",
|
sameSite: (localhost || !isHttps) ? "Lax" : "None",
|
||||||
secure: !localhost,
|
secure: !localhost && isHttps,
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user