From 32b5e0223dcd096ccb0ab27aa4c2f0c66f45de0f Mon Sep 17 00:00:00 2001
From: Benjamin Admin
Date: Mon, 13 Apr 2026 17:11:36 +0200
Subject: [PATCH] fix(pitch-deck): use explicit PITCH_SECURE_COOKIE flag for cookie security

HTTP access on local network was blocked by secure cookie flag when NODE_ENV=production. Now requires explicit opt-in via env var.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 pitch-deck/lib/admin-auth.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pitch-deck/lib/admin-auth.ts b/pitch-deck/lib/admin-auth.ts
index ad0d405..0d8dc6c 100644
--- a/pitch-deck/lib/admin-auth.ts
+++ b/pitch-deck/lib/admin-auth.ts
@@ -112,7 +112,7 @@ export async function setAdminCookie(jwt: string): Promise {
 const cookieStore = await cookies()
 cookieStore.set(ADMIN_COOKIE_NAME, jwt, {
 httpOnly: true,
- secure: process.env.NODE_ENV === 'production',
+ secure: process.env.PITCH_SECURE_COOKIE === 'true',
 sameSite: 'lax',
 path: '/',
 maxAge: ADMIN_SESSION_EXPIRY_HOURS * 60 * 60,
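Review bot: The new `secure:` line in `setAdminCookie` fails open: any deployment that does not set `PITCH_SECURE_COOKIE` to exactly `'true'`, including an HTTPS production one that the old `NODE_ENV` check covered, now issues the admin JWT cookie without the Secure attribute, so the browser will also send it over plain HTTP. Keeping Secure as the default and making the local-network HTTP case the explicit opt-out would preserve the fix without weakening existing installs, e.g. `secure: process.env.PITCH_SECURE_COOKIE !== 'false',` with a comment such as `// Secure by default; set PITCH_SECURE_COOKIE=false only for trusted plain-HTTP access`. The exact-string comparison also means values like `TRUE` or `1` silently leave the flag off, so normalising the value or logging a startup warning when the cookie is issued without Secure would make a misconfiguration visible. The `cookieStore.set` call and the rest of the function continue past the end of this hunk.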