Daniel Noworyta
Daniel Noworyta
Explore posts from servers
RRailwayTTCTheo's Typesafe Cult
PostsComments
RRailway
Created by Daniel Noworyta on 2/9/2024 in #✋|help
SSL Secure Set-Cookie
Hi i have my API on api.danielnoworyta.com and my client on kursy.danielnoworyta.com My api suppose to give back set-cookie header when im hittinh /session-auth/sign-in but it's not My desired cookie option is: 
session({
          store: this.sessionService.redisStore,
          name: 'course_api',
          secret: this.configService.getOrThrow('passport.sessionSecret'),
          resave: false,
          saveUninitialized: false,
          cookie: {
            secure:
              this.configService.getOrThrow('environment') === 'production',
            httpOnly: true,
            sameSite: 'strict',
            domain:
              this.configService.getOrThrow('environment') === 'production'
                ? '.danielnoworyta.pl'
                : 'localhost',
            maxAge: 2 * 60 * 60 * 1000, // 2 hours
          },
        }),
session({
          store: this.sessionService.redisStore,
          name: 'course_api',
          secret: this.configService.getOrThrow('passport.sessionSecret'),
          resave: false,
          saveUninitialized: false,
          cookie: {
            secure:
              this.configService.getOrThrow('environment') === 'production',
            httpOnly: true,
            sameSite: 'strict',
            domain:
              this.configService.getOrThrow('environment') === 'production'
                ? '.danielnoworyta.pl'
                : 'localhost',
            maxAge: 2 * 60 * 60 * 1000, // 2 hours
          },
        }),
when i turn off secure all is working fine. I think there is problem with SSL cert. My domain is on Vercel currently any ideas how to solve this problem?
8 replies