diff --git a/dashboard/README.md b/dashboard/README.md index 8b99c1e..5c6b25c 100644 --- a/dashboard/README.md +++ b/dashboard/README.md @@ -1,3 +1 @@ # Dashboard - -CI deploy test after fixing duplicate network issue diff --git a/dashboard/backend/auth_service.py b/dashboard/backend/auth_service.py index cc9d485..5605f6a 100644 --- a/dashboard/backend/auth_service.py +++ b/dashboard/backend/auth_service.py @@ -17,7 +17,9 @@ oauth2_scheme = OAuth2PasswordBearer(tokenUrl="api/auth/login") ACCESS_COOKIE_NAME = "nas_access_token" REFRESH_COOKIE_NAME = "nas_refresh_token" -COOKIE_SECURE = True +# Allow both HTTP and HTTPS by setting secure=False +# In production, Caddy terminates TLS and forwards to backend over HTTP +COOKIE_SECURE = False COOKIE_SAMESITE = "lax" COOKIE_PATH = "/"