feat: allow overriding session cookie secure flag

2025-09-18 09:56:34 +02:00
parent 92c2e9d780
commit e1989d39ec
5 changed files with 12 additions and 4 deletions
--- a/dist/main.js
+++ b/dist/main.js
@@ -11,6 +11,9 @@ async function bootstrap() {
    const requestSizeLimit = process.env.REQUEST_SIZE_LIMIT || '10mb';
    app.use((0, express_1.json)({ limit: requestSizeLimit }));
    app.use((0, express_1.urlencoded)({ limit: requestSizeLimit, extended: true }));
+    const sessionCookieSecure = process.env.SESSION_COOKIE_SECURE
+        ? process.env.SESSION_COOKIE_SECURE === 'true'
+        : process.env.NODE_ENV === 'production';
    app.use(session({
        secret: process.env.SESSION_SECRET || 'change-me',
        resave: false,
@@ -18,7 +21,7 @@ async function bootstrap() {
        cookie: {
            httpOnly: true,
            sameSite: process.env.SESSION_SAME_SITE ?? 'lax',
-            secure: process.env.NODE_ENV === 'production',
+            secure: sessionCookieSecure,
            maxAge: Number(process.env.SESSION_MAX_AGE ?? 1000 * 60 * 60 * 24 * 7),
        },
    }));