Secure cookie

2024-06-06 20:27:38 +03:00 · 2024-06-06 20:27:38 +03:00 · a365c96733
commit a365c96733
parent 17821bfda3
2 changed files with 8 additions and 2 deletions
--- a/.env.example
+++ b/.env.example
@ -15,6 +15,9 @@ DATABASE_PASS=icyauth
 SESSION_SECRET=32 char key
 CHALLENGE_SECRET=64 char key

+# Set "Secure" flag on the cookie
+SESSION_SECURE=true
+
 # OpenID Connect JWT (ID token) settings
 # Private keys for JWTs are stored as files in the private directory
 JWT_ALGORITHM=RS256
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@ -1,4 +1,4 @@
-import { AUTO_MIGRATE, SESSION_SECRET } from '$env/static/private';
+import { AUTO_MIGRATE, SESSION_SECRET, SESSION_SECURE } from '$env/static/private';
 import { csrf } from '$lib/server/csrf';
 import { DB } from '$lib/server/drizzle';
 import { runSeeds } from '$lib/server/drizzle/seeds';
@ -19,6 +19,9 @@ await runSeeds();
 export const handle = sequence(
 	csrf(['/oauth2/token', '/oauth2/introspect']),
 	handleSession({
-		secret: SESSION_SECRET
+		secret: SESSION_SECRET,
+		cookie: {
+			secure: SESSION_SECURE === 'true'
+		}
 	})
 );