woodpecker soll nun auch das backend deployen

backend/src/routes/auth.ts

@@ -31,9 +31,8 @@ const authRoute: FastifyPluginAsync = async (fastify) => {
     reply.setCookie('oauth_state', state, {
       path: '/',
       httpOnly: true,
-      sameSite: 'lax',
-      // Use HTTPS-based detection to avoid setting Secure on localhost HTTP
-      secure: !!env.FRONTEND_URL && env.FRONTEND_URL.startsWith('https'),
+      sameSite: 'none',
+      secure: true,
       maxAge: 10 * 60, // 10 minutes
     });
 
@@ -59,7 +58,7 @@ const authRoute: FastifyPluginAsync = async (fastify) => {
       // Verify CSRF state from cookie
       const expectedState = request.cookies?.oauth_state as string | undefined;
       if (!expectedState || state !== expectedState) {
-        return reply.code(400).send({ error: 'Invalid state parameter' });
+          return reply.code(400).send({ error: 'Invalid state parameter' });
       }
 
       // Clear state cookie