Describe the problem
Thanks to the localhost exception, cookies can be set in the development environment with ease.
The httpOnly and secure options are true by default (except on http://localhost/, where secure is false)
https://kit.svelte.dev/docs/types#public-types-cookies
However, the exception is not applied if the Vite server is exposed over the network, and is accessed using an IP address.
npx vite dev --host
# VITE v4.4.4 ready in 612 ms
cookies.set('name', 'value');
// Local: http://localhost:5173/ ← works
// Network: http://172.30.1.83:5173/ ← does not work
// Network: http://100.116.137.49:5173/ ← does not work
Describe the proposed solution
Disable the secure option in the cookies.set() API if it is a Vite dev server. (and possibly in the preview server)
Alternatives considered
No response
Importance
nice to have
Additional Information
No response
Describe the problem
Thanks to the
localhostexception, cookies can be set in the development environment with ease.https://kit.svelte.dev/docs/types#public-types-cookies
However, the exception is not applied if the Vite server is exposed over the network, and is accessed using an IP address.
npx vite dev --host # VITE v4.4.4 ready in 612 msDescribe the proposed solution
Disable the
secureoption in thecookies.set()API if it is a Vite dev server. (and possibly in the preview server)Alternatives considered
No response
Importance
nice to have
Additional Information
No response