marcel/mealprep
1
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(join): use secure: !dev for JSESSIONID cookie to work in local dev

Browse Source 
Hardcoded secure: true silently drops the cookie on HTTP (localhost),
causing the post-join redirect to bounce back to /login. Use $app/environment
dev flag so the cookie works in development while remaining Secure in production.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marcel Raddatz
2026-04-10 22:25:48 +02:00
parent 0b182a33fd
commit 230ee5a067
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
frontend/src/routes/(public)/join/[token]/+page.server.ts
View File

@@ -1,4 +1,5 @@
import { fail, redirect } from '@sveltejs/kit'; import { fail, redirect } from '@sveltejs/kit';
import { dev } from '$app/environment';
import { apiClient } from '$lib/server/api'; import { apiClient } from '$lib/server/api';
import type { Actions, PageServerLoad } from './$types'; import type { Actions, PageServerLoad } from './$types';
@@ -74,7 +75,7 @@ export const actions = {
path: '/', path: '/',
httpOnly: true, httpOnly: true,
sameSite: 'lax', sameSite: 'lax',
secure: true secure: !dev
}); });
} }

2
frontend/src/routes/(public)/join/[token]/page.server.test.ts
View File

@@ -4,6 +4,8 @@ vi.mock('$env/dynamic/private', () => ({
env: { BACKEND_URL: 'http://localhost:8080' } env: { BACKEND_URL: 'http://localhost:8080' }
})); }));
vi.mock('$app/environment', () => ({ dev: false }));
const mockGet = vi.fn(); const mockGet = vi.fn();
const mockPost = vi.fn(); const mockPost = vi.fn();
vi.mock('$lib/server/api', () => ({ vi.mock('$lib/server/api', () => ({