diff --git a/dashboard/backend/auth_service.py b/dashboard/backend/auth_service.py index cc9d485..5605f6a 100644 --- a/dashboard/backend/auth_service.py +++ b/dashboard/backend/auth_service.py @@ -17,7 +17,9 @@ oauth2_scheme = OAuth2PasswordBearer(tokenUrl="api/auth/login") ACCESS_COOKIE_NAME = "nas_access_token" REFRESH_COOKIE_NAME = "nas_refresh_token" -COOKIE_SECURE = True +# Allow both HTTP and HTTPS by setting secure=False +# In production, Caddy terminates TLS and forwards to backend over HTTP +COOKIE_SECURE = False COOKIE_SAMESITE = "lax" COOKIE_PATH = "/"