fix: enable secure cookies if app url starts with https

2024-09-24 12:21:41 +02:00
parent ee73293c0f
commit 69752b8b41
3 changed files with 22 additions and 3 deletions
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
@@ -272,9 +272,11 @@ export class AuthService {
    refreshToken?: string,
    accessToken?: string,
  ) {
+    const isSecure = this.config.get("general.appUrl").startsWith("https");
    if (accessToken)
      response.cookie("access_token", accessToken, {
        sameSite: "lax",
+        secure: isSecure,
        maxAge: 1000 * 60 * 60 * 24 * 30 * 3, // 3 months
      });
    if (refreshToken)
@@ -282,6 +284,7 @@ export class AuthService {
        path: "/api/auth/token",
        httpOnly: true,
        sameSite: "strict",
+        secure: isSecure,
        maxAge: 1000 * 60 * 60 * this.config.get("general.sessionDuration"),
      });
  }