From 5d713aa419bcefc342f6a6e14899db6cc3d05d7f Mon Sep 17 00:00:00 2001
From: kwesterfeld2 <38136866+kwesterfeld2@users.noreply.github.com>
Date: Thu, 14 Mar 2024 05:31:00 -0400
Subject: [PATCH] Fix case where secureCookie is passed as false, and we need
 it to stay false (#704)

in evaluation.  Use the nullish coalescing operator here to avoid calling into
getServerOrigin(), which does not apply to our use case.

Co-authored-by: Marsel Shayhin <18054980+phoenix-ru@users.noreply.github.com>
---
 src/runtime/server/services/authjs/nuxtAuthHandler.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/runtime/server/services/authjs/nuxtAuthHandler.ts b/src/runtime/server/services/authjs/nuxtAuthHandler.ts
index 5dea13d6..59a215e3 100644
--- a/src/runtime/server/services/authjs/nuxtAuthHandler.ts
+++ b/src/runtime/server/services/authjs/nuxtAuthHandler.ts
@@ -227,7 +227,7 @@ export const getToken = <R extends boolean = false>({ event, secureCookie, secre
     headers: getHeaders(event) as IncomingHttpHeaders
   },
   // see https://github.com/nextauthjs/next-auth/blob/8387c78e3fef13350d8a8c6102caeeb05c70a650/packages/next-auth/src/jwt/index.ts#L73
-  secureCookie: secureCookie || getServerOrigin(event).startsWith('https://'),
+  secureCookie: secureCookie ?? getServerOrigin(event).startsWith('https://'),
   secret: secret || usedSecret,
   ...rest
 })