Always set Secure for multi auth cookies in prod (#1404)

.platform/nginx/conf.d/elasticbeanstalk/00_application.conf

@@ -22,5 +22,4 @@ location / {
      proxy_set_header    Host                $host;
      proxy_set_header    X-Real-IP           $remote_addr;
      proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-     proxy_set_header    X-Forwarded-Proto   $scheme;
 }

pages/api/auth/[...nextauth].js

@@ -118,7 +118,7 @@ function setMultiAuthCookies (req, res, { id, jwt, name, photoId }) {
 
   // default expiration for next-auth JWTs is in 1 month
   const expiresAt = datePivot(new Date(), { months: 1 })
-  const secure = req.headers['x-forwarded-proto'] === 'https'
+  const secure = process.env.NODE_ENV === 'production'
   const cookieOptions = {
     path: '/',
     httpOnly: true,

pages/api/graphql.js

@@ -88,7 +88,7 @@ function multiAuthMiddleware (request) {
   const cookiePointerName = 'multi_auth.user-id'
   const hasCookiePointer = !!request.cookies[cookiePointerName]
 
-  const secure = request.headers['x-forwarded-proto'] === 'https'
+  const secure = process.env.NODE_ENV === 'production'
 
   // is there a session?
   const sessionCookieName = secure ? '__Secure-next-auth.session-token' : 'next-auth.session-token'

pages/api/signout.js

@@ -11,7 +11,7 @@ export default (req, res) => {
   const cookiePointerName = 'multi_auth.user-id'
   const userId = req.cookies[cookiePointerName]
 
-  const secure = req.headers['x-forwarded-proto'] === 'https'
+  const secure = process.env.NODE_ENV === 'production'
 
   // is there a session?
   const sessionCookieName = secure ? '__Secure-next-auth.session-token' : 'next-auth.session-token'