fix: use default nextauth logic for secure cookies

2025-11-13 16:23:06 +10:00 · 2024-12-03 21:35:09 +11:00
parent 4282a96ee7
commit fc84ee8ec2
1 changed files with 2 additions and 1 deletions
--- a/packages/lib/next-auth/auth-options.ts
+++ b/packages/lib/next-auth/auth-options.ts
@ -26,7 +26,8 @@ import { extractNextAuthRequestMetadata } from '../universal/extract-request-met
 import { getAuthenticatorOptions } from '../utils/authenticator';
 import { ErrorCode } from './error-codes';

-const useSecureCookies = process.env.NODE_ENV === 'production';
+const useSecureCookies =
+  process.env.NODE_ENV === 'production' && String(process.env.NEXTAUTH_URL).startsWith('https://');
 const cookiePrefix = useSecureCookies ? '__Secure-' : '';

 export const NEXT_AUTH_OPTIONS: AuthOptions = {