From f850beb9e74fe5b7fcb3e610ec3e2c40b851807d Mon Sep 17 00:00:00 2001 From: Ada Date: Tue, 6 Jan 2026 13:40:38 -0500 Subject: [PATCH] Configures cookie settings for OAuth. Updates cookie settings to ensure proper OAuth functionality. The "sameSite" attribute is set to "none", and "secure" attribute is set to "isProd" for production environments. Also removes temporary cookie test route. --- src/app.ts | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/src/app.ts b/src/app.ts index aa186f3..c801975 100644 --- a/src/app.ts +++ b/src/app.ts @@ -176,16 +176,16 @@ export function createApp() { cookie: { httpOnly: true, - // ✅ must be true when sameSite is "none" - secure: isProd, + // ✅ must be true when sameSite is "none" + secure: isProd, - sameSite: cookieSameSite, + sameSite: "none", - // ✅ allow cookie across root + api subdomain (prod only) - domain: isProd ? ".thehumanpatternlab.com" : undefined, + // ✅ allow cookie across root + api subdomain (prod only) + domain: isProd ? ".thehumanpatternlab.com" : undefined, - // Optional: makes sessions survive restarts for a bit - // maxAge: 1000 * 60 * 60 * 24 * 7, + // Optional: makes sessions survive restarts for a bit + // maxAge: 1000 * 60 * 60 * 24 * 7, }, }) ); @@ -217,18 +217,6 @@ export function createApp() { }); }); - //TODO: THIS IS TEMP - app.get("/auth/cookie-test", (req, res) => { - (req.session as any).cookie_test = Date.now(); - - res.json({ - ok: true, - wrote: true, - hasCookieHeader: Boolean(req.headers.cookie), - sessionID: req.sessionID, - }); - }); - /* =========================================================== 12) ROUTES (LAST) -----------------------------------------------------------
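Review bot: Hard-coding `sameSite: "none"` while leaving `secure: isProd` means that outside production the session cookie is issued as SameSite=None without Secure, which current browsers reject, and it contradicts the comment directly above it ("must be true when sameSite is "none""). In production, SameSite=None also removes the browser's cross-site request protection for a session cookie scoped to all of `.thehumanpatternlab.com`, so every state-changing route then depends on a CSRF token or Origin check that this hunk does not show. If the frontend and the API share that registrable domain, as the domain comment suggests, requests between them are same-site and `sameSite: "lax"` would likely still carry the cookie through the OAuth redirect. Otherwise tie the two attributes together, for example `sameSite: isProd ? "none" : "lax",`. The removed `cookieSameSite` value and the start of the session options object are outside the hunk, so check whether that variable is now unused.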