ciscoheat / sveltekit-flash-message

Send temporary data after redirect, usually from endpoints. Works with both SSR and client.
https://www.npmjs.com/package/sveltekit-flash-message
MIT License

External callbacks not redirecting correctly #18

Closed benquan closed 1 year ago

benquan commented 1 year ago

I have a callback from Google authentication using Lucia.

The callback calls the route:

/auth/callback/google/server.ts

I have simplified the endpoint to the bare minimum:

import type { RequestHandler } from './$types';
import { redirect } from 'sveltekit-flash-message/server';

export const GET: RequestHandler = async (event) => {
    throw redirect(
        303,
        '/',
        { type: 'success', message: 'Welcome' },
        event
    );
};

So Google will respond with something like this:

http://localhost:5173/auth/callback/google?state=r5w7scpscva31xlqhm62c3c4f8x0urvw4ok&code=4%2F0AZEOvhVPlgoztB1YfZrhbAZrA8Ye-TxU-utPWUSeBymRLQOQXCzVGQS72EQ4gQ&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid&authuser=1&prompt=consent

When Google executes the callback, the page gets forwarded to / but I do not get the flash message.

If I just copy the Google link and paste it in the browser, then I get redirected to / and the flash message works.

Is there an issue with CORS or am I missing something?

Ben

ciscoheat commented 1 year ago

Could be, I'm not sure. The sameSite option could be related.

benquan commented 1 year ago

Used your example in #19 and it worked!

The code if anyone has a similar issue:

import { loadFlash, flashCookieOptions } from 'sveltekit-flash-message/server';

flashCookieOptions.sameSite = 'none';
flashCookieOptions.secure = true;

export const load = loadFlash(async ({ locals }) => {
    const ans = await locals.auth.validate();
    if (ans) return { user: ans.user };
});

ciscoheat commented 1 year ago

Great that it worked! Could you just check one thing: SvelteKit sets secure to true as default, can you remove that option and see if it still is secure? In that case, I'll update the docs.

ciscoheat commented 1 year ago

Or rather, it shouldn't be secure on localhost with http, but secure otherwise.

benquan commented 1 year ago

Where would I set the option in SvelteKit?

ciscoheat commented 1 year ago

It's the default setting, so you just have to remove it, and see if it works both in dev and when built + https.

benquan commented 1 year ago

Ohh gotcha. But no, it does not work if I remove the line. Just checked in dev.

ciscoheat commented 1 year ago

Ok, probably because the Google URL is https!
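
The behaviour discussed in this thread, modelled as an added example (not code from the issue or from sveltekit-flash-message): a simplified version of the browser's SameSite rules applied to the request for / that follows the callback's 303. The request shapes and function names are constructed for illustration, the `strict` row assumes that was the flash cookie's setting before the change, and the model goes slightly beyond the thread by also showing `lax`.

```javascript
// Simplified model of browser SameSite handling (added example, not library code).
// It ignores scheme checks, cookie Domain/Path matching and expiry.

// Would the browser store the cookie at all?
function isStored(cookie) {
  // Browsers reject SameSite=None cookies that lack the Secure attribute.
  return !(cookie.sameSite === 'none' && !cookie.secure);
}

// Would the browser attach a stored cookie to this request?
function isSent(cookie, req) {
  if (!isStored(cookie)) return false;
  if (!req.crossSiteInitiator) return true; // same-site, or typed into the address bar
  switch (cookie.sameSite) {
    case 'none':
      return true;
    case 'lax':
      // Cross-site is allowed only for top-level navigations with a safe method.
      return req.topLevelNavigation && ['GET', 'HEAD'].includes(req.method);
    case 'strict':
      return false;
    default:
      throw new Error(`unknown SameSite value: ${cookie.sameSite}`);
  }
}

// Constructed request: the GET for '/' after the callback's 303. The navigation
// started on Google's site, so the redirected request still counts as cross-site.
const afterGoogleCallback = { crossSiteInitiator: true, topLevelNavigation: true, method: 'GET' };
// Constructed request: the same callback URL pasted into the address bar.
const pastedInAddressBar = { crossSiteInitiator: false, topLevelNavigation: true, method: 'GET' };

// Is the flash cookie available when '/' is loaded, for each way of arriving there?
function flashDelivery(cookie) {
  return {
    afterGoogleCallback: isSent(cookie, afterGoogleCallback),
    pastedInAddressBar: isSent(cookie, pastedInAddressBar),
  };
}

console.log({
  strict: flashDelivery({ sameSite: 'strict', secure: true }), // assumed earlier setting
  lax: flashDelivery({ sameSite: 'lax', secure: true }),
  noneSecure: flashDelivery({ sameSite: 'none', secure: true }), // the fix posted above
  noneNotSecure: flashDelivery({ sameSite: 'none', secure: false }), // rejected on Set-Cookie
});
```

In this model `lax` is also delivered after the callback, because the request for / is a top-level GET navigation. `none` additionally lets the cookie travel on cross-site subrequests.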