From 83470449e8852cefcd7e0df38ceb70d491f4ab74 Mon Sep 17 00:00:00 2001
From: dzinesco
Date: Sat, 12 Jul 2025 21:15:27 -0600
Subject: [PATCH] fix: Implement comprehensive Supabase cookie configuration for Docker environment
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Client-side improvements (supabase.ts):
- Set detectSessionInUrl: false to prevent SSR redirect loops
- Add explicit cookieOptions with Docker-friendly settings
- Configure secure: false for localhost non-HTTPS
- Set sameSite: 'lax' for proper navigation cookie handling
Server-side improvements (supabase-ssr.ts):
- Add comprehensive default cookie options
- Ensure consistent cookie configuration across all server clients
- Set maxAge: 7 days for proper session persistence
- Maintain security with httpOnly: true
These changes address session persistence issues in Docker containers and should resolve Stripe setup redirect loops for existing users.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude
---
 src/lib/supabase-ssr.ts | 21 ++++++++++++++-------
 src/lib/supabase.ts | 8 +++++++-
 2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/src/lib/supabase-ssr.ts b/src/lib/supabase-ssr.ts
index 687bae2..00d7951 100644
--- a/src/lib/supabase-ssr.ts
+++ b/src/lib/supabase-ssr.ts
@@ -6,6 +6,15 @@ export function createSupabaseServerClient(
 cookies: AstroCookies,
 cookieOptions?: CookieOptions
 ) {
+ // Default cookie options for Docker/localhost environment
+ const defaultCookieOptions: CookieOptions = {
+ secure: false, // localhost is non-HTTPS in Docker
+ sameSite: 'lax', // allow cross-site cookie on navigation
+ path: '/', // root-wide access
+ httpOnly: true, // JS-inaccessible for security
+ maxAge: 60 * 60 * 24 * 7, // 7 days
+ };
+
 return createServerClient(
 import.meta.env.PUBLIC_SUPABASE_URL!,
 import.meta.env.PUBLIC_SUPABASE_ANON_KEY!,
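Review bot: `secure: false` is hard-coded into the server-side defaults with the comment `localhost is non-HTTPS in Docker`, but nothing in `createSupabaseServerClient` gates it on the environment, so the same value ships to any HTTPS deployment and the auth cookies lose the Secure flag there, where a plain-HTTP request or a downgrade can then carry the session. The file already reads `import.meta.env.PUBLIC_*`, which suggests an Astro/Vite build, so the flag can follow the build mode: `secure: import.meta.env.PROD, // Secure on HTTPS deployments; plain HTTP only for local Docker`. If the Docker image is itself a production build, derive it from the request URL's protocol instead of the build mode. The hunk ends inside the `createServerClient(...)` call, which continues in the next hunk.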
@@ -17,24 +26,22 @@ export function createSupabaseServerClient(
 },
 set(name: string, value: string, options: CookieOptions) {
 if (!cookies) return;
- // Fix cookie settings for Docker/production
+ // Merge with default options, allowing overrides
 cookies.set(name, value, {
+ ...defaultCookieOptions,
+ ...cookieOptions,
 ...options,
- httpOnly: true,
- secure: false, // Set to false for Docker/localhost
- sameSite: 'lax',
- path: '/'
 })
 },
 remove(name: string, options: CookieOptions) {
 if (!cookies) return;
 cookies.delete(name, {
+ ...defaultCookieOptions,
 ...options,
- path: '/'
 })
 },
 },
- cookieOptions,
+ cookieOptions: defaultCookieOptions,
 }
 )
 }
diff --git a/src/lib/supabase.ts b/src/lib/supabase.ts
index 99a0668..6b34de7 100644
--- a/src/lib/supabase.ts
+++ b/src/lib/supabase.ts
@@ -14,7 +14,13 @@ export const supabase = createClient(supabaseUrl, supabaseAnonKey, {
 flowType: 'pkce',
 autoRefreshToken: true,
 persistSession: true,
- detectSessionInUrl: true
+ detectSessionInUrl: false, // disable URL-based session detection to avoid SSR redirect loops
+ cookieOptions: {
+ secure: false, // localhost is non-HTTPS in Docker
+ sameSite: 'lax', // allow cross-site cookie on navigation
+ path: '/', // root-wide access
+ httpOnly: true, // JS-inaccessible for security
+ },
 }
 })
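Review bot: The spread order in `set` — `...defaultCookieOptions, ...cookieOptions, ...options` — lets the per-call `options` handed in by the library override `httpOnly` and `secure`, whereas the removed lines forced `httpOnly: true` after `...options`; the description's "Maintain security with httpOnly: true" therefore only holds if `@supabase/ssr` never passes its own value, which this hunk cannot guarantee. `remove` spreads `defaultCookieOptions` but not the caller's `cookieOptions`, so a cookie set with a caller-supplied `domain` is not matched on delete and survives sign-out; add `...cookieOptions,` to the `cookies.delete` call as well, and if `httpOnly` must be enforced put `httpOnly: true,` after the three spreads in `set`. Spreading `maxAge` into `cookies.delete` is presumably ignored by Astro, but it is worth confirming the expiring cookie is not re-emitted with a 7-day lifetime. Both methods are complete in the hunk; the enclosing function starts in the previous hunk.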
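Review bot: `httpOnly: true` in the browser-side `cookieOptions` cannot take effect — a cookie written from JavaScript can never carry HttpOnly — and whether supabase-js's `createClient` honours an `auth.cookieOptions` block at all is not visible here, so this object may be dead configuration that gives a false sense of the session token being JS-inaccessible; a comment such as `// NOTE: HttpOnly cannot be set from the browser; the server client in supabase-ssr.ts is what protects the cookie` would keep the next reader honest. `secure: false` is again unconditional and should follow the build mode as on the server side, e.g. `secure: import.meta.env.PROD,`. Turning off `detectSessionInUrl` while keeping `flowType: 'pkce'` also means OAuth and magic-link callbacks no longer exchange the `?code=` parameter automatically; confirm that a server route performs the code exchange, or the login redirect will land without a session.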