mikicv/tt-booking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix for cf compatibility

Browse Source
This commit is contained in:
mikicv
2025-10-08 22:49:20 +01:00
parent 566993b6e8
commit 72410be343
1 changed files with 6 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/session.ts
+6 -10
View File
@@ -67,17 +67,15 @@ export async function createSession(payload: Omit<SessionPayload, 'expiresAt'>)
const cookieStore = await cookies();
// In production, always use secure cookies if NEXTAUTH_URL is https
// This handles Cloudflare tunnel scenarios where external URL is https
// but internal communication is http
const isSecure = process.env.NODE_ENV === 'production' &&
process.env.NEXTAUTH_URL?.startsWith('https');
// For Cloudflare tunnel: external is HTTPS, internal is HTTP
// Use secure cookies when NEXTAUTH_URL is https (external URL)
const isSecure = process.env.NEXTAUTH_URL?.startsWith('https') ?? false;
const cookieOptions = {
httpOnly: true,
secure: isSecure,
expires: expiresAt,
sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',
sameSite: isSecure ? 'none' : 'lax', // none required for secure cross-site
path: '/',
} as const;
@@ -103,15 +101,13 @@ export async function updateSession() {
const expires = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000);
const newSession = await encrypt({ ...payload, expiresAt: expires });
// In production, always use secure cookies if NEXTAUTH_URL is https
const isSecure = process.env.NODE_ENV === 'production' &&
process.env.NEXTAUTH_URL?.startsWith('https');
const isSecure = process.env.NEXTAUTH_URL?.startsWith('https') ?? false;
cookieStore.set('session', newSession, {
httpOnly: true,
secure: isSecure,
expires: expires,
sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',
sameSite: isSecure ? 'none' : 'lax',
path: '/',
});
}