From c9e96d489ddbd8c12a78fcf992472faa63b19656 Mon Sep 17 00:00:00 2001
From: Peter Maquiran
Date: Tue, 21 Apr 2026 21:05:12 +0100
Subject: [PATCH] fix sameSite

---
 app/api/auth/refresh/route.ts | 4 ++--
 app/api/session/route.ts | 4 +++-
 app/feature/auth/token-refresher.ts | 12 ++++++------
 3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/app/api/auth/refresh/route.ts b/app/api/auth/refresh/route.ts
index 8f0eae7..3e4ce55 100644
--- a/app/api/auth/refresh/route.ts
+++ b/app/api/auth/refresh/route.ts
@@ -35,7 +35,7 @@ export async function GET(req: Request) {
 response.cookies.set("access_token", data.access_token, {
 httpOnly: true,
 secure: isHttps,
- sameSite: "none",
+ sameSite: isHttps ? "none" : "lax",
 path: "/",
 ...(env.COOKIE_DOMAIN ? { domain: env.COOKIE_DOMAIN } : {}),
 maxAge: data.expires_in,
@@ -44,7 +44,7 @@ export async function GET(req: Request) {
 response.cookies.set("refresh_token", data.refresh_token, {
 httpOnly: true,
 secure: isHttps,
- sameSite: "none",
+ sameSite: isHttps ? "none" : "lax",
 path: "/",
 ...(env.COOKIE_DOMAIN ? { domain: env.COOKIE_DOMAIN } : {}),
 maxAge: data.expires_in,
diff --git a/app/api/session/route.ts b/app/api/session/route.ts
index 156069e..e13d49d 100644
--- a/app/api/session/route.ts
+++ b/app/api/session/route.ts
@@ -3,13 +3,15 @@ import { NextResponse } from "next/server";
 export async function POST(req: Request) {
 const { token } = await req.json();
+ const isHttps = new URL(req.url).protocol === "https:";
+
 const res = NextResponse.json({ ok: true });
 res.cookies.set("auth_token", token, {
 httpOnly: true,
 secure: true,
- sameSite: "none",
+ sameSite: isHttps ? "none" : "lax",
 ...(env.COOKIE_DOMAIN ? { domain: env.COOKIE_DOMAIN } : {}),
 path: "/",
 });
diff --git a/app/feature/auth/token-refresher.ts b/app/feature/auth/token-refresher.ts
index b2e1408..631c97c 100644
--- a/app/feature/auth/token-refresher.ts
+++ b/app/feature/auth/token-refresher.ts
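Review bot: `sameSite: isHttps ? "none" : "lax"` (also in the second hunk of this file and in app/api/session/route.ts) makes the cookie attributes depend entirely on how `isHttps` is derived, and if it comes from `req.url` the way the session route computes it, a production deployment behind a TLS-terminating proxy sees `http:` and will emit both tokens as non-`Secure`, `SameSite=Lax` cookies without any error. Because that failure mode is a silent downgrade rather than a visible break, the flag is safer derived from a forwarded-proto header or an explicit environment setting, and the intent deserves a comment on the changed line such as `// SameSite=None requires Secure; Lax is only a fallback for plain-http local development`. `isHttps` is defined above this hunk, so its source is not visible here, and GET continues outside the hunk.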
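Review bot: The refresh_token cookie written in this hunk keeps `maxAge: data.expires_in`, the access-token lifetime, directly under the changed `sameSite` line, so the refresh cookie expires together with the access token and silent renewal can only succeed once per access-token lifetime. This is pre-existing rather than introduced here, but since the cookie options are being revised anyway, and if the token endpoint returns a separate refresh-token lifetime (Keycloak's `refresh_expires_in`, given the Keycloak reference elsewhere in this patch), the line should be `maxAge: data.refresh_expires_in ?? data.expires_in,` with a comment noting which lifetime governs the cookie. Whether `data` carries that field is not visible in this hunk and should be confirmed against the token response.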
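Review bot: `secure: true` stays hard-coded while the new `isHttps` only drives `sameSite`, so on a plain-http origin this route now emits a `Secure; SameSite=Lax` cookie that browsers discard outside localhost, meaning the http fallback the change is aiming for never takes effect here and the two routes now disagree; either change it to `secure: isHttps,` to match refresh/route.ts, or keep `secure: true` with `sameSite: "none"` unconditionally and treat the endpoint as https-only. `new URL(req.url).protocol` reflects the scheme the Next.js server itself is listening on, which behind a reverse proxy is commonly `http:` even for https clients, so in that setup the cookie quietly becomes Lax in production. Separately, `token` is used straight from `req.json()` with no shape check, so a missing or non-string body still sets `auth_token` to a stringified placeholder; a guard before `cookies.set` such as `if (typeof token !== "string" || token === "") return NextResponse.json({ ok: false }, { status: 400 });` would reject malformed requests. POST may continue past the end of this hunk.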
@@ -1,10 +1,10 @@
-// /**
-// * TOKEN REFRESHER
-// * Logic: Silent background token rotation.
-// * Role: Communicates with Keycloak to exchange a Refresh Token for a new Access Token.
-// */
+// // /**
+// // * TOKEN REFRESHER
+// // * Logic: Silent background token rotation.
+// // * Role: Communicates with Keycloak to exchange a Refresh Token for a new Access Token.
+// // */
-// import { keycloakConfig } from './keycloak-config';
+// // import { keycloakConfig } from './keycloak-config';
 // export const refreshAccessToken = async (token: any) => {
 // try {