From d5c619567ab54d5d6bc9bc0448a135e021e115ab Mon Sep 17 00:00:00 2001
From: trafficlunar <hello@trafficlunar.net>
Date: Thu, 14 May 2026 12:00:16 +0100
Subject: [PATCH] fix: cors attack issue? (#58)

---
 backend/src/lib/auth.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/src/lib/auth.ts b/backend/src/lib/auth.ts
index 56b515e..f7e4198 100644
--- a/backend/src/lib/auth.ts
+++ b/backend/src/lib/auth.ts
@@ -15,10 +15,10 @@ export const { handlers, signIn, signOut, auth } = NextAuth({
 			name: process.env.NODE_ENV === "production" ? "__Secure-next-auth.session-token" : "next-auth.session-token",
 			options: {
 				httpOnly: true,
-				sameSite: "none",
+				sameSite: "lax",
 				path: "/",
-				secure: true,
-				domain: process.env.NODE_ENV === "production" ? ".tomodachishare.com" : "localhost",
+				secure: process.env.NODE_ENV === "production",
+				domain: process.env.NODE_ENV === "production" ? ".tomodachishare.com" : undefined,
 			},
 		},
 	},