fix: allow auth cookies over HTTP for reverse proxy setup #41

Merged
jimmy merged 2 commits from dev into main 2026-04-08 11:20:58 +08:00
Showing only changes of commit 0420b0eb13 - Show all commits
+3 -1
View File
@@ -17,7 +17,9 @@ oauth2_scheme = OAuth2PasswordBearer(tokenUrl="api/auth/login")
ACCESS_COOKIE_NAME = "nas_access_token"
REFRESH_COOKIE_NAME = "nas_refresh_token"
COOKIE_SECURE = True
# Allow both HTTP and HTTPS by setting secure=False
# In production, Caddy terminates TLS and forwards to backend over HTTP
COOKIE_SECURE = False
COOKIE_SAMESITE = "lax"
COOKIE_PATH = "/"