Closed AmnezziaCS closed 9 months ago
Cookies should be safe (secure and same site properties) on a production deployment even when debugging.
secure
same site
Cookies are missing the secure and same site properties on a production ECS deployment when DEV_MODE is set to true.
DEV_MODE
This is where cookies are sent: https://github.com/nfroidure/whook/blob/main/packages/whook-oauth2/src/handlers/postAuthLogin.ts#L100-L103
Where cookies are built: https://github.com/nfroidure/whook/blob/main/packages/whook-oauth2/src/services/authCookies.ts
Expected behavior
Cookies should be safe (
secureandsame siteproperties) on a production deployment even when debugging.Actual behavior
Cookies are missing the
secureandsame siteproperties on a production ECS deployment whenDEV_MODEis set to true.This is where cookies are sent: https://github.com/nfroidure/whook/blob/main/packages/whook-oauth2/src/handlers/postAuthLogin.ts#L100-L103
Where cookies are built: https://github.com/nfroidure/whook/blob/main/packages/whook-oauth2/src/services/authCookies.ts