File tree Expand file tree Collapse file tree
frontend/src/components/AuthManager Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -77,14 +77,11 @@ const AuthManager = () => {
7777
7878 // SSO Callback handler - fetches profile and JWT after successful SSO login
7979 const handleSSOCallback = async ( event ?: React . FormEvent < HTMLFormElement > ) => {
80- if ( event ) {
81- event . preventDefault ( ) ;
82- }
8380 try {
8481 const response = await fetch (
8582 `${ process . env . REACT_APP_SERVER_URL } /api/sso/profile` ,
8683 {
87- credentials : 'include' , // CRITICAL: Sends session cookie
84+ credentials : 'include' , // Send session cookie
8885 }
8986 ) ;
9087
Original file line number Diff line number Diff line change @@ -24,7 +24,7 @@ export const sessionMiddleware = session({
2424 name : 'carriage.sid' , // Custom session cookie name
2525 cookie : {
2626 httpOnly : true ,
27- secure : process . env . NODE_ENV === 'production' , // HTTPS only in production
27+ secure : true , // HTTPS only in production
2828 // In production the frontend (Netlify) and backend (Vercel) are on different sites,
2929 // so we must allow the session cookie to be sent on cross-site XHR/fetch requests.
3030 // SameSite=Lax works for localhost (same-site) but *blocks* these requests in prod.
You can’t perform that action at this time.
0 commit comments