fix: Add secure flag to auth cookie (#2637)

theopensystemslab · Jan 8, 2024 · 150d564 · 150d564
1 parent 25840a2
commit 150d564
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/api.planx.uk/modules/auth/controller.ts b/api.planx.uk/modules/auth/controller.ts
@@ -47,12 +47,12 @@ function setJWTCookie(returnTo: string, res: Response, req: Request) {
       new Date().setFullYear(new Date().getFullYear() + 1),
     ).getTime(),
     sameSite: "none",
+    secure: true,
   };
 
   const httpOnlyCookieOptions: CookieOptions = {
     ...defaultCookieOptions,
     httpOnly: true,
-    secure: true,
   };
 
   // Set secure, httpOnly cookie with JWT