opengovsg · zhongliang02 · Jan 3, 2025 · Jan 3, 2025 · Jan 3, 2025 · Jan 3, 2025
diff --git a/next.config.mjs b/next.config.mjs
@@ -16,7 +16,7 @@ const ContentSecurityPolicy = `
   };
   frame-src 'self';
   object-src 'none';
-  script-src 'self' ${env.NODE_ENV === 'production' ? '' : "'unsafe-eval'"};
+  script-src 'self' ${['test', 'development'].includes(env.NODE_ENV) ? "'unsafe-eval'" : ''};
   style-src 'self' https: 'unsafe-inline';
   connect-src 'self' https://browser-intake-datadoghq.com https://*.browser-intake-datadoghq.com https://vitals.vercel-insights.com/v1/vitals ${
     // For POSTing presigned URLs to R2 storage.
@@ -25,7 +25,7 @@ const ContentSecurityPolicy = `
       : ''
   };
   worker-src 'self' blob:;
-  ${env.NODE_ENV === 'production' ? 'upgrade-insecure-requests' : ''}
+  ${['test', 'development'].includes(env.NODE_ENV) ? '' : 'upgrade-insecure-requests'}
 `
 
 /**

diff --git a/src/env.mjs b/src/env.mjs
@@ -193,9 +193,9 @@ if (!!process.env.SKIP_ENV_VALIDATION == false) {
       // Otherwise it would just be returning `undefined` and be annoying to debug
       if (!isServer && !prop.startsWith('NEXT_PUBLIC_'))
         throw new Error(
-          process.env.NODE_ENV === 'production'
-            ? '❌ Attempted to access a server-side environment variable on the client'
-            : `❌ Attempted to access server-side environment variable '${prop}' on the client`,
+          ['test', 'development'].includes(env.NODE_ENV)
+            ? `❌ Attempted to access server-side environment variable '${prop}' on the client`
+            : '❌ Attempted to access a server-side environment variable on the client',
         )
       return target[/** @type {keyof typeof target} */ (prop)]
     },

diff --git a/src/pages/_app.tsx b/src/pages/_app.tsx
@@ -34,7 +34,7 @@ const MyApp = ((props: AppPropsWithAuthAndLayout) => {
                 <Stack spacing={0} minH="$100vh">
                   <VersionWrapper />
                   <ChildWithLayout {...props} />
-                  {process.env.NODE_ENV !== 'production' && (
+                  {['test', 'development'].includes(env.NODE_ENV) && (
                     <ReactQueryDevtools initialIsOpen={false} />
                   )}
                 </Stack>

diff --git a/src/server/modules/auth/session.ts b/src/server/modules/auth/session.ts
@@ -9,6 +9,6 @@ export const sessionOptions: SessionOptions = {
   cookieName: 'auth.session-token',
   ttl: 60 * 60 * 24 * 7, // 7 days
   cookieOptions: {
-    secure: env.NODE_ENV === 'production',
+    secure: env.NODE_ENV !== 'development' && env.NODE_ENV !== 'test',
   },
 }
diff --git a/src/server/prisma.ts b/src/server/prisma.ts
@@ -16,6 +16,6 @@ export const prisma: PrismaClient =
     log: env.NODE_ENV === 'development' ? ['error', 'warn'] : ['error'],
   })
 
-if (env.NODE_ENV !== 'production') {
+if (['test', 'development'].includes(env.NODE_ENV)) {
   prismaGlobal.prisma = prisma
 }