fix sameSite

app/api/auth/refresh/route.ts

@@ -35,7 +35,7 @@ export async function GET(req: Request) {
     response.cookies.set("access_token", data.access_token, {
       httpOnly: true,
       secure: isHttps,
-      sameSite: "none",
+      sameSite: isHttps ? "none" : "lax",
       path: "/",
       ...(env.COOKIE_DOMAIN ? { domain: env.COOKIE_DOMAIN } : {}),
       maxAge: data.expires_in,
@@ -44,7 +44,7 @@ export async function GET(req: Request) {
     response.cookies.set("refresh_token", data.refresh_token, {
         httpOnly: true,
         secure: isHttps,
-        sameSite: "none",
+        sameSite: isHttps ? "none" : "lax",
         path: "/",
         ...(env.COOKIE_DOMAIN ? { domain: env.COOKIE_DOMAIN } : {}),
         maxAge: data.expires_in,

app/api/session/route.ts

@@ -3,13 +3,15 @@ import { NextResponse } from "next/server";
 
 export async function POST(req: Request) {
   const { token } = await req.json();
+  const isHttps = new URL(req.url).protocol === "https:";
+
 
   const res = NextResponse.json({ ok: true });
 
   res.cookies.set("auth_token", token, {
     httpOnly: true,
     secure: true,
-    sameSite: "none",
+    sameSite: isHttps ? "none" : "lax",
     ...(env.COOKIE_DOMAIN ? { domain: env.COOKIE_DOMAIN } : {}),
     path: "/",
   });

app/feature/auth/token-refresher.ts

@@ -1,10 +1,10 @@
-// /**
+// // /**
-//  * TOKEN REFRESHER
+// //  * TOKEN REFRESHER
-//  * Logic: Silent background token rotation.
+// //  * Logic: Silent background token rotation.
-//  * Role: Communicates with Keycloak to exchange a Refresh Token for a new Access Token.
+// //  * Role: Communicates with Keycloak to exchange a Refresh Token for a new Access Token.
-//  */
+// //  */
 
-// import { keycloakConfig } from './keycloak-config';
+// // import { keycloakConfig } from './keycloak-config';
 
 // export const refreshAccessToken = async (token: any) => {
 //   try {