fix: securty http only

ballerine-io · Dec 13, 2024 · 8eeff22 · 8eeff22
1 parent ceebfc1
commit 8eeff22
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/services/workflows-service/src/main.ts b/services/workflows-service/src/main.ts
@@ -99,7 +99,7 @@ const main = async () => {
       name: 'session',
       keys: [env.SESSION_SECRET],
       httpOnly: env.ENVIRONMENT_NAME !== 'local',
-      secure: true,
+      secure: env.ENVIRONMENT_NAME !== 'local',
       // lax - Cookies are sent with same-site requests and some cross-site GET requests.
       sameSite: env.ENVIRONMENT_NAME !== 'local' ? 'strict' : 'lax',
       maxAge: 1000 * 60 * env.SESSION_EXPIRATION_IN_MINUTES,