AUTH_COOKIE_DOMAIN

backend/.env.template

@@ -11,5 +11,6 @@ AUTH_ST_TTL=300
 AUTH_SESSION_TTL=86400
 AUTH_SERVICES_LOGOUT=http://localhost:5203/api/v1/auth/sso-signout
 AUTH_IS_HTTPS=false
+AUTH_COOKIE_DOMAIN=localhost
 
 CORS_ALLOW_ORIGINS=http://localhost:3000

backend/config/config.go

@@ -26,10 +26,11 @@ type OauthConfig struct {
 }
 
 type AuthConfig struct {
-	STTTL      int
-	SessionTTL int
-	Services   []string
-	IsHTTPS    bool
+	STTTL        int
+	SessionTTL   int
+	Services     []string
+	IsHTTPS      bool
+	CookieDomain string
 }
 
 type CorsConfig struct {
@@ -82,10 +83,11 @@ func LoadConfig() (*Config, error) {
 	servicesLogoutString := os.Getenv("AUTH_SERVICES_LOGOUT")
 	servicesLogout := strings.Split(servicesLogoutString, ",")
 	authConfig := AuthConfig{
-		STTTL:      int(STTTL),
-		SessionTTL: int(sessionTTL),
-		Services:   servicesLogout,
-		IsHTTPS:    os.Getenv("AUTH_IS_HTTPS") == "true",
+		STTTL:        int(STTTL),
+		SessionTTL:   int(sessionTTL),
+		Services:     servicesLogout,
+		IsHTTPS:      os.Getenv("AUTH_IS_HTTPS") == "true",
+		CookieDomain: os.Getenv("AUTH_COOKIE_DOMAIN"),
 	}
 
 	return &Config{

backend/internal/auth/auth.handler.go

@@ -179,7 +179,7 @@ func (h *handlerImpl) VerifyGoogleLogin(c context.Ctx) {
 		return
 	}
 
-	c.SetCookie("CASTGC", session.Token, h.conf.SessionTTL, "/", "localhost", h.conf.IsHTTPS, true)
+	c.SetCookie("CASTGC", session.Token, h.conf.SessionTTL, "/", h.conf.CookieDomain, h.conf.IsHTTPS, true)
 
 	c.JSON(200, &dto.ServiceTicketToken{
 		ServiceTicket: serviceTicket.Token,

docker-compose.qa.template.yml

@@ -16,6 +16,7 @@ services:
       AUTH_SESSION_TTL: 86400
       AUTH_SERVICES_LOGOUT: http://sso_svc_1:80/api/v1/auth/sso-signout,http://sso_svc_2:80/api/v1/auth/sso-signout
       AUTH_IS_HTTPS: "false"
+      AUTH_COOKIE_DOMAIN: localhost
       CORS_ALLOW_ORIGINS: http://localhost:3000,http://sso_svc_1:5203,http://sso_svc_2:5204
     networks:
       - sso