Skip to content

Disable cookie secure option when using vite dev --host #10438

Description

@hyunbinseo

Describe the problem

Thanks to the localhost exception, cookies can be set in the development environment with ease.

The httpOnly and secure options are true by default (except on http://localhost/, where secure is false)

https://kit.svelte.dev/docs/types#public-types-cookies


However, the exception is not applied if the Vite server is exposed over the network, and is accessed using an IP address.

npx vite dev --host

# VITE v4.4.4  ready in 612 ms
cookies.set('name', 'value');

//  Local:   http://localhost:5173/ ← works
//  Network: http://172.30.1.83:5173/ ← does not work
//  Network: http://100.116.137.49:5173/ ← does not work

Describe the proposed solution

Disable the secure option in the cookies.set() API if it is a Vite dev server. (and possibly in the preview server)

Alternatives considered

No response

Importance

nice to have

Additional Information

No response

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions