drexa/drive
1
0
Fork 0
mirror of https://github.com/get-drexa/drive.git synced 2026-02-02 11:51:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(backend): remove unused secure cookie config

Browse Source
This commit is contained in:
Kenneth
2025-12-29 00:19:44 +00:00
parent f4620dff3a
commit c3a173de66
5 changed files with 3 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
apps/backend/config.example.yaml
View File

@@ -33,9 +33,6 @@ cookie:
# Set this when frontend and API are on different subdomains (e.g., "app.com" for web.app.com + api.app.com).
# Leave empty for same-host cookies (localhost, single domain).
# domain: app.com
# Secure flag for cookies. If not set, automatically determined from request protocol (true for HTTPS, false for HTTP).
# Set explicitly to override automatic detection (useful for local development with HTTPS).
# secure: false
cors:
# Allowed origins for cross-origin requests.

7
apps/backend/internal/auth/cookies.go
View File

@@ -11,10 +11,6 @@ type CookieConfig struct {
// Domain for cross-subdomain cookies (e.g., "app.com" for web.app.com + api.app.com).
// Leave empty for same-host cookies (localhost, single domain).
Domain string
// Secure controls whether cookies are only sent over HTTPS.
// If nil, automatically set based on request protocol (true for HTTPS, false for HTTP).
// If explicitly set, this value is used regardless of protocol.
Secure *bool
}
// authCookies returns auth cookies from the given fiber context.
@@ -33,8 +29,7 @@ func authCookies(c *fiber.Ctx) map[string]string {
}
// SetAuthCookies sets HTTP-only auth cookies with security settings derived from the request.
// Secure flag is based on actual protocol (works automatically with proxies/tunnels),
// unless explicitly set in cfg.Secure.
// Secure flag is based on the request protocol (works automatically with proxies/tunnels).
func SetAuthCookies(c *fiber.Ctx, accessToken, refreshToken string, cfg CookieConfig) {
secure := c.Protocol() == "https"

3
apps/backend/internal/drexa/config.go
View File

@@ -56,10 +56,9 @@ type StorageConfig struct {
// CookieConfig controls auth cookie behavior.
// Domain is optional - only needed for cross-subdomain setups (e.g., "app.com" for web.app.com + api.app.com).
// Secure flag is derived from the request protocol automatically, unless explicitly set.
// Secure flag is derived from the request protocol automatically.
type CookieConfig struct {
Domain string `yaml:"domain"`
Secure *bool `yaml:"secure"`
}
// CORSConfig controls Cross-Origin Resource Sharing behavior.

1
apps/backend/internal/drexa/server.go
View File

@@ -110,7 +110,6 @@ func NewServer(c Config) (*Server, error) {
cookieConfig := auth.CookieConfig{
Domain: c.Cookie.Domain,
Secure: c.Cookie.Secure,
}
authMiddleware := auth.NewAuthMiddleware(authService, db, cookieConfig)