fix(auth): add crossSubDomainCookies

lorenzocorallo · lorenzocorallo · commit b0d366766d89 · 2025-04-15T00:53:51.000+02:00
diff --git a/backend/src/auth.ts b/backend/src/auth.ts
@@ -16,16 +16,28 @@ export const auth = betterAuth({
       account: SCHEMA.AUTH.accounts,
       session: SCHEMA.AUTH.sessions,
       verification: SCHEMA.AUTH.verifications,
-    }
+    },
   }),
+  advanced: {
+    crossSubDomainCookies: {
+      enabled: true,
+      domain: ".polinetwork.org", // Domain with a leading period
+    },
+    defaultCookieAttributes: {
+      secure: true,
+      httpOnly: true,
+      sameSite: "none", // Allows CORS-based cookie sharing across subdomains
+      partitioned: true, // New browser standards will mandate this for foreign cookies
+    },
+  },
   cookieCache: {
     enabled: true,
     maxAge: 5 * 60, // Cache duration in seconds
   },
-  socialProviders: { 
-    github: { 
-      clientId: env.GITHUB_CLIENT_ID, 
-      clientSecret: env.GITHUB_CLIENT_SECRET, 
-    }, 
-  }, 
+  socialProviders: {
+    github: {
+      clientId: env.GITHUB_CLIENT_ID,
+      clientSecret: env.GITHUB_CLIENT_SECRET,
+    },
+  },
 });
