manchenkoff · manchenkoff · Nov 19, 2024 · Nov 19, 2024
diff --git a/src/runtime/storages/cookieTokenStorage.ts b/src/runtime/storages/cookieTokenStorage.ts
@@ -1,11 +1,11 @@
 import { unref } from 'vue'
 import type { TokenStorage } from '../types/config'
-import { useCookie, type NuxtApp } from '#app'
+import { useCookie, type NuxtApp, useRequestURL } from '#app'
 
 const cookieTokenKey = 'sanctum.token.cookie'
 
 /**
- * Token storage using a secure cookie.
+ * Token storage using a secure cookie for HTTPS and plain cookie for HTTP.
  * Works with both CSR/SSR modes.
  */
 export const cookieTokenStorage: TokenStorage = {
@@ -18,7 +18,8 @@ export const cookieTokenStorage: TokenStorage = {
 
   async set(app: NuxtApp, token?: string) {
     await app.runWithContext(() => {
-      const cookie = useCookie(cookieTokenKey, { secure: true })
+      const isSecure = useRequestURL().protocol.startsWith('https')
+      const cookie = useCookie(cookieTokenKey, { secure: isSecure })
       cookie.value = token
     })
   },