From f9899c1aeb00c01b0f5ec23c644ecbda0d0f08c2 Mon Sep 17 00:00:00 2001
From: Greg Burri <greg.burri@gmail.com>
Date: Wed, 7 May 2025 21:47:24 +0200
Subject: [PATCH] Set authentication cookie as secure

---
 backend/src/services/user.rs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/backend/src/services/user.rs b/backend/src/services/user.rs
index db7b482..9b897a4 100644
--- a/backend/src/services/user.rs
+++ b/backend/src/services/user.rs
@@ -237,6 +237,7 @@ pub async fn sign_up_validation(
             {
                 db::user::ValidationResult::Ok(token, user_id) => {
                     let cookie = Cookie::build((consts::COOKIE_AUTH_TOKEN_NAME, token))
+                        .secure(true)
                         .same_site(cookie::SameSite::Strict);
                     jar = jar.add(cookie);
                     let user = connection.load_user(user_id).await?;
@@ -367,6 +368,7 @@ pub async fn sign_in_post(
         }
         db::user::SignInResult::Ok(token, _user_id) => {
             let cookie = Cookie::build((consts::COOKIE_AUTH_TOKEN_NAME, token))
+                .secure(true)
                 .same_site(cookie::SameSite::Strict);
             Ok((
                 jar.add(cookie),
@@ -974,6 +976,7 @@ pub async fn email_revalidation(
             {
                 db::user::ValidationResult::Ok(token, user_id) => {
                     let cookie = Cookie::build((consts::COOKIE_AUTH_TOKEN_NAME, token))
+                        .secure(true)
                         .same_site(cookie::SameSite::Strict);
                     jar = jar.add(cookie);
                     let user = connection.load_user(user_id).await?;