From 1374bbae9e54d7602ffc86b446f9c6afb591d6b7 Mon Sep 17 00:00:00 2001
From: Sebastian Rindom <skrindom@gmail.com>
Date: Fri, 21 Aug 2020 22:53:15 +0200
Subject: [PATCH] Secure cookies in production

---
 packages/medusa/src/loaders/express.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/medusa/src/loaders/express.js b/packages/medusa/src/loaders/express.js
index 7dd22f674a..eca1b1038b 100644
--- a/packages/medusa/src/loaders/express.js
+++ b/packages/medusa/src/loaders/express.js
@@ -21,7 +21,7 @@ export default async ({ app }) => {
       activeDuration: 1000 * 60 * 5,
       cookie: {
         httpOnly: true,
-        secure: false,
+        secure: process.env.NODE_ENV === "production",
       },
     })
   )