ganigeorgiev
commented
7 months ago Thank you but I don't think this is necessary.
In general it should be OK the exported cookie to always have the secure attribute as most browsers has exception for localhost anyway (I think only Safari doesn't do it, yet).
Astro provides import.meta.env.PROD value out of the box. I believe the Astro example can be tweaked to avoid this problem:
https://github.com/pocketbase/pocketbase/discussions/3478
secure is set to false in DEV environment, and true in PROD.