my own indieAuth provider!
indiko.dunkirk.sh/docs
indieauth
oauth2-server
feat: add secure cookie in prod
+8
-2
+8
-2
src/routes/auth.ts
+8
-2
src/routes/auth.ts
···
279
279
"INSERT INTO sessions (token, user_id, expires_at) VALUES (?, ?, ?)",
280
280
).run(token, user.id, expiresAt);
281
281
282
+
const isProduction = process.env.NODE_ENV === "production";
283
+
const secureCookie = isProduction ? "; Secure" : "";
284
+
282
285
return Response.json(
283
286
{
284
287
token,
···
287
290
},
288
291
{
289
292
headers: {
290
-
"Set-Cookie": `indiko_session=${token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=86400`,
293
+
"Set-Cookie": `indiko_session=${token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=86400${secureCookie}`,
291
294
},
292
295
},
293
296
);
···
478
481
"INSERT INTO sessions (token, user_id, expires_at) VALUES (?, ?, ?)",
479
482
).run(token, user.id, expiresAt);
480
483
484
+
const isProduction = process.env.NODE_ENV === "production";
485
+
const secureCookie = isProduction ? "; Secure" : "";
486
+
481
487
return Response.json(
482
488
{
483
489
token,
···
485
491
},
486
492
{
487
493
headers: {
488
-
"Set-Cookie": `indiko_session=${token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=86400`,
494
+
"Set-Cookie": `indiko_session=${token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=86400${secureCookie}`,
489
495
},
490
496
},
491
497
);