fix: add COOKIE_SECURE environment variable to control cookie security
Allows cookies to work over HTTP even in production mode by setting COOKIE_SECURE=false. This is needed for local Docker deployments that use HTTP instead of HTTPS. When COOKIE_SECURE=false, the secure flag is disabled on cookies. When COOKIE_SECURE is not set or set to any other value, it defaults to the production mode behavior (secure cookies in production).
This commit is contained in:
Chris Veleris
parent
a3369d2c74
commit
003844c7cd
1 changed files with 1 additions and 1 deletions
|
|
@ -85,7 +85,7 @@ const sessionMiddleware = session({
|
|||
saveUninitialized: false,
|
||||
cookie: {
|
||||
httpOnly: true,
|
||||
secure: config.production,
|
||||
secure: process.env.COOKIE_SECURE !== 'false' && config.production,
|
||||
maxAge: 2592000000, // 30 days
|
||||
sameSite: 'lax',
|
||||
},
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue