From 48f2d1c33cad8599b909d2d88e6a0ae25b415867 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=A2=A8=E6=A2=93=E6=9F=92?= <1787882683@qq.com>
Date: Tue, 16 Dec 2025 13:19:47 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E5=A2=9E=E5=BC=BA=20Cookie=20=E8=AE=BE?=
 =?UTF-8?q?=E7=BD=AE=E6=97=A5=E5=BF=97=EF=BC=8C=E6=8F=90=E4=BE=9B=20HTTPS?=
 =?UTF-8?q?=20=E9=85=8D=E7=BD=AE=E5=BB=BA=E8=AE=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/webui/auth.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/webui/auth.py b/src/webui/auth.py
index cfedc13b..6f527a04 100644
--- a/src/webui/auth.py
+++ b/src/webui/auth.py
@@ -108,7 +108,12 @@ def set_auth_cookie(response: Response, token: str, request: Optional[Request] =
         
         # 如果是 HTTP 连接，强制禁用 secure 标志
         if not is_https and is_secure:
-            logger.warning("检测到 HTTP 连接但配置要求 secure cookie，强制禁用 secure 以允许 cookie 工作")
+            logger.warning("=" * 80)
+            logger.warning("检测到 HTTP 连接但环境配置要求 HTTPS (secure cookie)")
+            logger.warning("已自动禁用 secure 标志以允许登录，但建议修改配置：")
+            logger.warning("1. 在 .env 文件中设置: WEBUI_SECURE_COOKIE=false")
+            logger.warning("2. 如果使用反向代理，请确保正确配置 X-Forwarded-Proto 头")
+            logger.warning("=" * 80)
             is_secure = False
     
     # 设置 Cookie