fix: cors attack issue? (#58)

2026-06-27 22:24:14 +00:00 · 2026-05-14 12:00:16 +01:00 · 2026-05-14 12:00:16 +01:00 · d5c619567a
commit d5c619567a
parent 9f6569f439
1 changed files with 3 additions and 3 deletions
--- a/backend/src/lib/auth.ts
+++ b/backend/src/lib/auth.ts
@ -15,10 +15,10 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
 			name: process.env.NODE_ENV === "production" ? "__Secure-next-auth.session-token" : "next-auth.session-token",
 			options: {
 				httpOnly: true,
-				sameSite: "none",
+				sameSite: "lax",
 				path: "/",
-				secure: true,
-				domain: process.env.NODE_ENV === "production" ? ".tomodachishare.com" : "localhost",
+				secure: process.env.NODE_ENV === "production",
+				domain: process.env.NODE_ENV === "production" ? ".tomodachishare.com" : undefined,
 			},
 		},
 	},