diff --git a/packages/better-auth/src/cookies/cookies.test.ts b/packages/better-auth/src/cookies/cookies.test.ts
index d315971fb3..66ddfc7600 100644
--- a/packages/better-auth/src/cookies/cookies.test.ts
+++ b/packages/better-auth/src/cookies/cookies.test.ts
@@ -1,5 +1,5 @@
 import type { BetterAuthOptions } from "@better-auth/core";
-import { describe, expect, it, vi } from "vitest";
+import { afterEach, describe, expect, it, vi } from "vitest";
 import {
 expireCookie,
 getCookieCache,
@@ -98,6 +98,43 @@ describe("cookies", async () => {
 },
 );
 });
+
+ describe("production environment", () => {
+ afterEach(() => {
+ vi.unstubAllEnvs();
+ vi.resetModules();
+ });
+
+ it("should use secure cookies when baseURL is not configured", async () => {
+ // Set NODE_ENV to production
+ vi.stubEnv("NODE_ENV", "production");
+
+ // Reset modules to reload with new NODE_ENV
+ vi.resetModules();
+
+ // Re-import modules after NODE_ENV change
+ const { getTestInstance: getTestInstanceReloaded } = await import(
+ "../test-utils/test-instance"
+ );
+
+ const { client, testUser } = await getTestInstanceReloaded({
+ baseURL: undefined,
+ });
+
+ await client.signIn.email(
+ {
+ email: testUser.email,
+ password: testUser.password,
+ },
+ {
+ onResponse(context) {
+ const setCookie = context.response.headers.get("set-cookie");
+ expect(setCookie).toContain("Secure");
+ },
+ },
+ );
+ });
+ });
 });
 
 describe("crossSubdomainCookies", () => {
diff --git a/packages/better-auth/src/cookies/index.ts b/packages/better-auth/src/cookies/index.ts
index ff0eafce6d..b6e43a3e0d 100644
--- a/packages/better-auth/src/cookies/index.ts
+++ b/packages/better-auth/src/cookies/index.ts
@@ -28,7 +28,7 @@ export function createCookieGetter(options: BetterAuthOptions) {
 const secure =
 options.advanced?.useSecureCookies !== undefined
 ? options.advanced?.useSecureCookies
- : options.baseURL !== undefined
+ : options.baseURL
 ? options.baseURL.startsWith("https://")
 ? true
 : false
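Review bot: The new test in `cookies.test.ts` passes `baseURL: undefined`, and on the changed line of `cookies/index.ts` an undefined `baseURL` takes the fallback branch both before (`!== undefined`) and after (truthiness) this commit, so the test does not appear to exercise the behaviour being changed. The input that actually switches branches is a defined but falsy value, so a second case with `baseURL: ""` would pin the fix, assuming `getTestInstance` passes the option through unchanged. The assertion also sits inside `onResponse`, which means the test passes without checking anything if the callback is never invoked; `expect.assertions(1);` at the top of the `it` body, or capturing the header and asserting after the `await`, closes that gap. `toContain("Secure")` is a substring match over the whole header and would also be satisfied by a `__Secure-` cookie-name prefix, so matching the attribute itself, e.g. `expect(setCookie).toMatch(/;\s*Secure/i);`, is tighter.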
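Review bot: The scheme test on the line after the change in `createCookieGetter`, `options.baseURL.startsWith("https://")`, is a case-sensitive prefix match, so any non-empty `baseURL` that does not begin with exactly that lowercase prefix (an uppercase scheme, for instance) still yields `secure = false` on the visible branches, whatever the environment. A case-insensitive check such as `? /^https:\/\//i.test(options.baseURL)` treats those values as HTTPS and makes the `? true : false` pair unnecessary. A short comment above `const secure` would also help the next reader: `// explicit useSecureCookies wins; otherwise the baseURL scheme decides; an empty or unset baseURL falls through to the default below`. The conditional continues past the end of the hunk, so the final fallback branch is not visible here.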