[PR #297] [MERGED] Fix auth cookie secure flag for HTTP in production #338

New issue

Closed

opened 2026-02-26 12:41:03 +03:00 by kerem · 0 comments

kerem commented

2026-02-26 12:41:03 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/community-scripts/ProxmoxVE-Local/pull/297
Author: @michelroegl-brunner
Created: 11/10/2025
Status: ✅ Merged
Merged: 11/10/2025
Merged by: @michelroegl-brunner

Base: main ← Head: fix/auth

📝 Commits (2)

86056c9 Fix auth loop
8c27eac Fix auth cookie secure flag for HTTP in production

📊 Changes

2 files changed (+10 additions, -2 deletions)

View changed files

📝 src/app/_components/AuthProvider.tsx (+6 -1)
📝 src/app/api/auth/login/route.ts (+4 -1)

📄 Description

Problem

Authentication was failing in production mode when accessing the app over HTTP. Users would log in successfully but then be redirected back to the login page.

Root Cause

The cookie flag was set based on , which meant cookies required HTTPS even when the app was accessed over HTTP. Browsers would not set or send the cookie, causing authentication to fail.

Solution

Changed cookie flag to check the actual request protocol () instead of
Cookies now work correctly in both HTTP and HTTPS environments
Maintains security by still using when actually over HTTPS

Changes

Modified to detect request protocol
Added delay in to ensure cookie is available before verification (already committed)

Testing

✅ Works in development mode (npm run dev)
✅ Works in production mode over HTTP (npm start)
✅ Maintains security for HTTPS connections

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/community-scripts/ProxmoxVE-Local/pull/297 **Author:** [@michelroegl-brunner](https://github.com/michelroegl-brunner) **Created:** 11/10/2025 **Status:** ✅ Merged **Merged:** 11/10/2025 **Merged by:** [@michelroegl-brunner](https://github.com/michelroegl-brunner) **Base:** `main` ← **Head:** `fix/auth` --- ### 📝 Commits (2) - [`86056c9`](https://github.com/community-scripts/ProxmoxVE-Local/commit/86056c984d35be07e3cf47ed4549ba9c686c843d) Fix auth loop - [`8c27eac`](https://github.com/community-scripts/ProxmoxVE-Local/commit/8c27eacff75abe08d15caad8ece13ed365653c97) Fix auth cookie secure flag for HTTP in production ### 📊 Changes **2 files changed** (+10 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `src/app/_components/AuthProvider.tsx` (+6 -1) 📝 `src/app/api/auth/login/route.ts` (+4 -1) </details> ### 📄 Description ## Problem Authentication was failing in production mode when accessing the app over HTTP. Users would log in successfully but then be redirected back to the login page. ## Root Cause The cookie flag was set based on , which meant cookies required HTTPS even when the app was accessed over HTTP. Browsers would not set or send the cookie, causing authentication to fail. ## Solution - Changed cookie flag to check the actual request protocol () instead of - Cookies now work correctly in both HTTP and HTTPS environments - Maintains security by still using when actually over HTTPS ## Changes - Modified to detect request protocol - Added delay in to ensure cookie is available before verification (already committed) ## Testing - ✅ Works in development mode (npm run dev) - ✅ Works in production mode over HTTP (npm start) - ✅ Maintains security for HTTPS connections --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>