From d3ada5a6899096fe2c3a768566251046f70394a6 Mon Sep 17 00:00:00 2001
From: Charmunk <ivie@hackclub.com>
Date: Mon, 10 Nov 2025 12:42:43 -0500
Subject: [PATCH] Update src/api/users/auth.route.js

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 src/api/users/auth.route.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/api/users/auth.route.js b/src/api/users/auth.route.js
index 1712c9e..11a256c 100644
--- a/src/api/users/auth.route.js
+++ b/src/api/users/auth.route.js
@@ -212,7 +212,7 @@ router.post('/login', /* authLimiter, */ async (req, res) => {
       .returning(['email', 'username', 'authorization', 'is_admin']);
 
     res.cookie('auth_token', updatedUser.authorization, {
-      httpOnly: false,
+      httpOnly: true,
       maxAge: 7 * 24 * 60 * 60 * 1000,
       sameSite: 'strict',
       secure: process.env.NODE_ENV === 'production'