dashboard side bar and HTTPS_COOKIE changes #1
…between bottom and sidebar content
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 61a27835fa
dashboard/lib/session.ts
Outdated
| cookieStore.set(SESSION_COOKIE_NAME, token, { | ||
| httpOnly: true, | ||
| secure: process.env.NODE_ENV === "production", | ||
| secure: process.env.HTTPS_COOKIE === "true", |
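Review bot: On the added `secure: process.env.HTTPS_COOKIE === "true"` line, the strict comparison fails open: an unset variable, an empty string, or a value such as "TRUE" or "1" all evaluate to `secure: false`. Consider inverting the test so that only an explicit opt-out drops the flag, for example `secure: process.env.HTTPS_COOKIE !== "false"`, and add a comment beside it stating the default so the behaviour when the variable is missing is documented at the call site.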
Default session cookies to secure when flag is unset
createSession now sets the cookie secure flag based only on process.env.HTTPS_COOKIE === "true", so any deployment that leaves the new variable unset (as shown in .env.example) will emit non-secure auth cookies even in production; this is a regression from the prior NODE_ENV === "production" default and can expose session tokens whenever the service is reachable via plain HTTP (e.g., proxy misconfig or internal network access).
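A fail-closed way to read the flag this review discusses, as an added example that is not part of the pull request or the project's code. `resolveCookieSecure` and `sessionCookieOptions` are hypothetical helper names, and accepting `1`/`0` alongside `true`/`false` is an assumption.

```typescript
// Added example (not the project's code): fail-closed parsing of HTTPS_COOKIE.
// resolveCookieSecure and sessionCookieOptions are hypothetical helper names.
type Env = { [key: string]: string | undefined };

interface SecureDecision {
  secure: boolean; // value to pass as the cookie's `secure` option
  warn: boolean;   // true when the outcome deserves a startup log line
  reason: string;
}

function resolveCookieSecure(env: Env): SecureDecision {
  const value = (env["HTTPS_COOKIE"] ?? "").trim().toLowerCase();
  const production = env["NODE_ENV"] === "production";

  switch (value) {
    case "":
      // Unset or empty: keep the safe default instead of silently downgrading.
      return { secure: true, warn: false, reason: "HTTPS_COOKIE unset, defaulting to secure" };
    case "true":
    case "1":
      return { secure: true, warn: false, reason: "HTTPS_COOKIE enabled" };
    case "false":
    case "0":
      // Only an explicit opt-out drops the flag; surface it in production.
      return { secure: false, warn: production, reason: "HTTPS_COOKIE explicitly disabled" };
    default:
      // A typo such as "ture" must not turn the flag off.
      return { secure: true, warn: true, reason: `unrecognised HTTPS_COOKIE value "${value}", staying secure` };
  }
}

// Builds the options object for the session cookie; `log` is injected so the
// caller decides where warnings go (assumption: no logger is shown on the page).
function sessionCookieOptions(env: Env, log: (msg: string) => void = () => {}) {
  const decision = resolveCookieSecure(env);
  if (decision.warn) log(`[session] ${decision.reason}`);
  return { httpOnly: true, secure: decision.secure };
}
```
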
…. Fix build error in dashboard
HTTPS_COOKIE in .env to control the storage of session cookies over HTTP and HTTPS connections