Secure cookie

.env.example

@@ -15,6 +15,9 @@ DATABASE_PASS=icyauth
 SESSION_SECRET=32 char key
 CHALLENGE_SECRET=64 char key
 
+# Set "Secure" flag on the cookie
+SESSION_SECURE=true
+
 # OpenID Connect JWT (ID token) settings
 # Private keys for JWTs are stored as files in the private directory
 JWT_ALGORITHM=RS256

src/hooks.server.ts

@@ -1,4 +1,4 @@
-import { AUTO_MIGRATE, SESSION_SECRET } from '$env/static/private';
+import { AUTO_MIGRATE, SESSION_SECRET, SESSION_SECURE } from '$env/static/private';
 import { csrf } from '$lib/server/csrf';
 import { DB } from '$lib/server/drizzle';
 import { runSeeds } from '$lib/server/drizzle/seeds';
@@ -19,6 +19,9 @@ await runSeeds();
 export const handle = sequence(
 	csrf(['/oauth2/token', '/oauth2/introspect']),
 	handleSession({
-		secret: SESSION_SECRET
+		secret: SESSION_SECRET,
+		cookie: {
+			secure: SESSION_SECURE === 'true'
+		}
 	})
 );