Merged in fix/sw-3035-secure-sas-cookie (pull request #2363)

Add secure to SAS flow cookies * Add secure to SAS flow cookies * Reverse NODE_ENV check Approved-by: Linus Flood
2025-06-16 07:35:44 +00:00
parent e6a15bd685
commit 9f78dd69fe
2 changed files with 2 additions and 0 deletions
--- a/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/callback/route.ts
+++ b/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/callback/route.ts
@@ -78,6 +78,7 @@ export async function GET(
  cookieStore.set(SAS_TOKEN_STORAGE_KEY, tokenData.access_token, {
    maxAge: 3600,
    httpOnly: true,
+    secure: env.NODE_ENV !== "development",
  })

  if (
--- a/apps/scandic-web/server/routers/partners/sas/otp/request/requestOtp.ts
+++ b/apps/scandic-web/server/routers/partners/sas/otp/request/requestOtp.ts
@@ -131,6 +131,7 @@ async function setSASOtpCookie({
    {
      httpOnly: true,
      maxAge: 3600,
+      secure: env.NODE_ENV !== "development",
    }
  )
 }