From 4a1f943339afb1127ecdebaf54fb1276b0504abe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=97=D0=B0=D0=B8=D0=B4=20=D0=9E=D0=BC=D0=B0=D1=80=20?= =?UTF-8?q?=D0=9C=D0=B5=D0=B4=D1=85=D0=B0=D1=82=20=7C=20Zaid=20Omar=20Medh?= =?UTF-8?q?at?=
Date: Tue, 27 Jan 2026 15:09:57 +0500
Subject: [PATCH] try fox
---
 src/auth/auth.service.ts | 14 +++++++-------
 src/main.ts | 21 +++++++++++++++++++--
 2 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts
index 5063476..902ef45 100644
--- a/src/auth/auth.service.ts
+++ b/src/auth/auth.service.ts
@@ -118,18 +118,18 @@ export class AuthService {
 }
 getCookieOptions(isRefreshToken = false) {
- // const isProduction =
- // this.configService.get("NODE_ENV") === "production";
- // const cookieSecure =
- // this.configService.get("COOKIE_SECURE") === "true";
- // const domain = this.configService.get("COOKIE_DOMAIN");
+ const isProduction =
+ this.configService.get("NODE_ENV") === "production";
+ const cookieSecure =
+ this.configService.get("COOKIE_SECURE") === "true";
+ const domain = this.configService.get("COOKIE_DOMAIN");
 return {
 httpOnly: true,
- // secure: isProduction || cookieSecure,
+ secure: true,
 sameSite: "none" as const,
 path: isRefreshToken ? "/auth/refresh" : "/",
- // domain: domain,
+ domain: domain,
 maxAge: isRefreshToken ? 7 * 24 * 60 * 60 * 1000 : 15 * 60 * 1000,
 };
 }
diff --git a/src/main.ts b/src/main.ts
index 7e1d02b..9ee9dff 100644
--- a/src/main.ts
+++ b/src/main.ts
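Review bot: In getCookieOptions the restored locals `isProduction` and `cookieSecure` are never read, because `secure` is now the literal `true`; drop the two declarations rather than leave dead config lookups that suggest the flag is still environment-driven. Keeping `secure: true` is the right call while `sameSite: "none"` stays, since browsers reject SameSite=None cookies without Secure, and a comment such as `// SameSite=None requires Secure; keep this unconditional` would stop a later edit from restoring `secure: isProduction || cookieSecure`. With SameSite=None both token cookies accompany cross-site requests, so CSRF protection for state-changing routes has to come from somewhere else, which this hunk does not show. `domain: domain` also widens the cookies to every host under COOKIE_DOMAIN when that variable is set, so its expected value is worth documenting next to the option.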
@@ -12,8 +12,25 @@ async function bootstrap() {
 app.enableCors({
 origin: corsOrigins,
 credentials: true,
- methods: ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"],
- allowedHeaders: ["Content-Type", "Authorization", "X-Requested-With"],
+ allowedHeaders: [
+ "Content-Type",
+ "Authorization",
+ "X-Requested-With",
+ "Accept",
+ "Origin",
+ "Access-Control-Request-Method",
+ "Access-Control-Request-Headers",
+ "Cache-Control",
+ ],
+ exposedHeaders: [
+ "Authorization",
+ "Set-Cookie",
+ "Access-Control-Allow-Origin",
+ "Access-Control-Allow-Credentials",
+ ],
+ preflightContinue: false,
+ optionsSuccessStatus: 204,
+ maxAge: 86400, // 24 hours
 });
 app.use(cookieParser());
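Review bot: The new `exposedHeaders` list in the enableCors call mostly names headers that cannot be exposed: `Set-Cookie` is a forbidden response header that browsers never hand to scripts, and the two `Access-Control-Allow-*` entries are CORS control headers, not payload. `Authorization` is the only entry with an effect, and unless an endpoint really returns a token in that response header I would remove the option, because exposing it lets scripts on every allowed origin read a credential that the httpOnly cookies are meant to keep away from JavaScript. In `allowedHeaders`, `Origin`, `Access-Control-Request-Method` and `Access-Control-Request-Headers` are set by the browser itself and need not be listed. Because `credentials: true` is kept, `corsOrigins` (defined outside this hunk, as is the rest of bootstrap) has to stay an explicit allow-list, and the `// 24 hours` comment could note that browsers cap the preflight cache below or at that value.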