Merge pull request #13 from AdaInTheLab/fix/oauth-failed

Configures cookie settings for OAuth.

Author: AdaInTheLab

src/app.ts

@@ -176,16 +176,16 @@ export function createApp() {
             cookie: {
                 httpOnly: true,
 
-            // ✅ must be true when sameSite is "none"
-            secure: isProd,
+                // ✅ must be true when sameSite is "none"
+                secure: isProd,
 
-            sameSite: cookieSameSite,
+                sameSite: "none",
 
-            // ✅ allow cookie across root + api subdomain (prod only)
-            domain: isProd ? ".thehumanpatternlab.com" : undefined,
+                // ✅ allow cookie across root + api subdomain (prod only)
+                domain: isProd ? ".thehumanpatternlab.com" : undefined,
 
-            // Optional: makes sessions survive restarts for a bit
-            // maxAge: 1000 * 60 * 60 * 24 * 7,
+                // Optional: makes sessions survive restarts for a bit
+                // maxAge: 1000 * 60 * 60 * 24 * 7,
             },
         })
     );
@@ -217,18 +217,6 @@ export function createApp() {
         });
     });
 
-    //TODO: THIS IS TEMP
-    app.get("/auth/cookie-test", (req, res) => {
-        (req.session as any).cookie_test = Date.now();
-
-        res.json({
-            ok: true,
-            wrote: true,
-            hasCookieHeader: Boolean(req.headers.cookie),
-            sessionID: req.sessionID,
-        });
-    });
-
     /* ===========================================================
        12) ROUTES (LAST)
        -----------------------------------------------------------