From 66fac20465f39b866b5bd9d51b85a546670b6c58 Mon Sep 17 00:00:00 2001
From: Jakob Ankarhem
Date: Tue, 11 Oct 2022 21:30:53 +0200
Subject: [PATCH] fix(oidc): allow insecure state cookie when using http
---
 server/routes/auth.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/routes/auth.ts b/server/routes/auth.ts
index 013b5b03b..1ddfaa3b9 100644
--- a/server/routes/auth.ts
+++ b/server/routes/auth.ts
@@ -421,7 +421,7 @@ authRoutes.get('/oidc-login', async (req, res, next) => {
 res.cookie('oidc-state', state, {
 maxAge: 60000,
 httpOnly: true,
- secure: true,
+ secure: req.protocol === 'https',
 });
 return res.redirect(redirectUrl);
 });
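Review bot: `secure: req.protocol === 'https'` ties the Secure flag to how the request reached the Node process rather than how the user reached the site. Assuming this is Express, `req.protocol` only honours `X-Forwarded-Proto` when `trust proxy` is configured, so behind a TLS-terminating reverse proxy the `oidc-state` cookie would silently be issued without Secure on an HTTPS deployment. Whether `trust proxy` is set is not visible here, as the handler starts above the hunk. I would confirm that setting or derive the flag from the configured application URL, and add a comment such as `// Secure is dropped only for plain-HTTP deployments; needs 'trust proxy' behind a TLS proxy`. Because this cookie binds the OIDC callback to the initiating browser, also consider setting `sameSite: 'lax'` explicitly instead of relying on browser defaults.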