From e283a9dfa173446aacae4bfbbcd9282fab9bd3df Mon Sep 17 00:00:00 2001 From: "Zachariah K. Sharma" Date: Mon, 15 Jun 2026 11:48:33 -0600 Subject: [PATCH] Align scheduler secure auth cookies --- .../scheduler/app/api/auth/[...nextauth]/route.ts | 15 +++++++++++---- docker-compose.yml | 1 + 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/apps/scheduler/app/api/auth/[...nextauth]/route.ts b/apps/scheduler/app/api/auth/[...nextauth]/route.ts index 74d6ff9208..3710fe5d91 100644 --- a/apps/scheduler/app/api/auth/[...nextauth]/route.ts +++ b/apps/scheduler/app/api/auth/[...nextauth]/route.ts @@ -1,14 +1,21 @@ import { getOptions } from "@calcom/features/auth/lib/next-auth-options"; +import { defaultCookies } from "@calcom/lib/default-cookies"; import type { TrackingData } from "@calcom/lib/tracking"; import NextAuth from "next-auth"; export const dynamic = "force-dynamic"; +const nextAuthUrl = process.env.NEXTAUTH_URL || process.env.NEXT_PUBLIC_WEBAPP_URL || ""; +const options = getOptions({ + getDubId: () => undefined, + getTrackingData: (): TrackingData => ({}), +}); + const handler = NextAuth( - getOptions({ - getDubId: () => undefined, - getTrackingData: (): TrackingData => ({}), - }) + { + ...options, + cookies: defaultCookies(nextAuthUrl.startsWith("https://")), + } ); export { handler as GET, handler as POST }; diff --git a/docker-compose.yml b/docker-compose.yml index 0492b33ae7..7c5918a90f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -38,6 +38,7 @@ services: NODE_ENV: production NEXTAUTH_SECRET: ${NEXTAUTH_SECRET} NEXTAUTH_URL: ${NEXTAUTH_URL:-https://cal.internal.vyntehome.com} + NEXT_PUBLIC_WEBAPP_URL: ${NEXT_PUBLIC_WEBAPP_URL:-https://cal.internal.vyntehome.com} NEXTAUTH_COOKIE_DOMAIN: ${NEXTAUTH_COOKIE_DOMAIN:-} AUTHENTIK_ISSUER: ${AUTHENTIK_ISSUER} AUTHENTIK_CLIENT_ID: ${AUTHENTIK_CLIENT_ID}