From 9f78dd69fe848641a4fd166d2b2b57a37b14136b Mon Sep 17 00:00:00 2001
From: Anton Gunnarsson <anton.gunnarsson@scandichotels.com>
Date: Mon, 16 Jun 2025 07:35:44 +0000
Subject: [PATCH] Merged in fix/sw-3035-secure-sas-cookie (pull request #2363)

Add secure to SAS flow cookies

* Add secure to SAS flow cookies

* Reverse NODE_ENV check


Approved-by: Linus Flood
---
 .../(partner)/(sas)/(protected)/sas-x-scandic/callback/route.ts  | 1 +
 .../server/routers/partners/sas/otp/request/requestOtp.ts        | 1 +
 2 files changed, 2 insertions(+)

diff --git a/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/callback/route.ts b/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/callback/route.ts
index 9b6b98399..d5565b3b0 100644
--- a/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/callback/route.ts
+++ b/apps/scandic-web/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/callback/route.ts
@@ -78,6 +78,7 @@ export async function GET(
   cookieStore.set(SAS_TOKEN_STORAGE_KEY, tokenData.access_token, {
     maxAge: 3600,
     httpOnly: true,
+    secure: env.NODE_ENV !== "development",
   })
 
   if (
diff --git a/apps/scandic-web/server/routers/partners/sas/otp/request/requestOtp.ts b/apps/scandic-web/server/routers/partners/sas/otp/request/requestOtp.ts
index 6bddbadc4..673c0bc5a 100644
--- a/apps/scandic-web/server/routers/partners/sas/otp/request/requestOtp.ts
+++ b/apps/scandic-web/server/routers/partners/sas/otp/request/requestOtp.ts
@@ -131,6 +131,7 @@ async function setSASOtpCookie({
     {
       httpOnly: true,
       maxAge: 3600,
+      secure: env.NODE_ENV !== "development",
     }
   )
 }