fix: (temp) disable xframe check and set same-site cookie to none

.env.example

@@ -1,5 +1,5 @@
 # node ace generate:key
-APP_KEY=UfdS996001I_koCN1OiZiSh-DJZTyvGc
+APP_KEY=soY8ZAtItT_fCkNUADfgffZUUo675lOj
 TZ=UTC
 PORT=3333
 HOST=localhost
@@ -13,4 +13,4 @@ DB_PASSWORD=my-links-pwd
 DB_DATABASE=my-links
 GOOGLE_CLIENT_ID=
 GOOGLE_CLIENT_SECRET=
-GOOGLE_CLIENT_CALLBACK_URL=http://localhost:3333/auth/callback
+GOOGLE_CLIENT_CALLBACK_URL=http://localhost:3333/auth/callback

config/session.ts

@@ -1,5 +1,4 @@
 import env from '#start/env';
-import app from '@adonisjs/core/services/app';
 import { defineConfig, stores } from '@adonisjs/session';
 
 const sessionConfig = defineConfig({
@@ -16,7 +15,7 @@ const sessionConfig = defineConfig({
    * Define how long to keep the session data alive without
    * any activity.
    */
-  age: '2h',
+  age: '7d',
 
   /**
    * Configuration for session cookie and the
@@ -25,8 +24,10 @@ const sessionConfig = defineConfig({
   cookie: {
     path: '/',
     httpOnly: true,
-    secure: app.inProduction,
+    secure: true,
-    sameSite: 'lax',
+
+    // TODO: set this to lax and found a solution to keep auth when using extension
+    sameSite: 'none',
   },
 
   /**

config/shield.ts

@@ -27,9 +27,7 @@ const shieldConfig = defineConfig({
    * iFrames
    */
   xFrame: {
-    enabled: true,
+    enabled: false,
-    action: 'ALLOW-FROM',
-    domain: '*',
   },
 
   /**