secure cookies fix

Femto.Api/Sessions/HttpContextSessionExtensions.cs

@@ -2,6 +2,7 @@ using System.Text.Json;
 using System.Text.Json.Serialization;
 using Femto.Api.Auth;
 using Femto.Modules.Auth.Application.Dto;
+using Microsoft.Extensions.Options;
 
 namespace Femto.Api.Sessions;
 
@@ -10,12 +11,12 @@ internal static class HttpContextSessionExtensions
     public static void SetSession(
         this HttpContext httpContext,
         Session session,
-        UserInfo user,
-        CookieSettings cookieSettings
+        UserInfo user
     )
     {
-        var secure = cookieSettings.Secure;
-        var sameSite = cookieSettings.SameSite ? SameSiteMode.Strict : SameSiteMode.Unspecified;
+        var cookieSettings = httpContext.RequestServices.GetService<IOptions<CookieSettings>>();
+        var secure = cookieSettings?.Value.Secure ?? true;
+        var sameSite = secure ? SameSiteMode.None : SameSiteMode.Unspecified;
         var expires = session.Expires;
 
         httpContext.Response.Cookies.Append(
@@ -42,8 +43,8 @@ internal static class HttpContextSessionExtensions
             ),
             new CookieOptions
             {
-                Secure = cookieSettings.Secure,
-                SameSite = cookieSettings.SameSite ? SameSiteMode.Strict : SameSiteMode.Unspecified,
+                Secure = secure,
+                SameSite = sameSite,
                 Expires = session.Expires,
             }
         );