docs: add safari cookie secure flag note

backend/config/config.go

@@ -278,7 +278,10 @@ type Cookie struct {
 	// more details.
 	SameSite string `yaml:"same_site" json:"same_site,omitempty" koanf:"same_site" split_words:"true" jsonschema:"default=strict,enum=strict,enum=lax,enum=none"`
 	// `secure` indicates whether the cookie is sent to the server only when a request is made with the https: scheme
-	// (except on localhost)
+	// (except on localhost).
+	//
+	// NOTE: `secure` must be set to `false` when working on `localhost` and with the Safari browser because it does
+	// not store secure cookies on `localhost`.
 	Secure bool `yaml:"secure" json:"secure,omitempty" koanf:"secure" jsonschema:"default=true"`
 }
 

backend/json_schema/hanko.config.json

@@ -149,7 +149,7 @@
         "convert_legacy_config": {
           "type": "boolean",
           "description": "`convert_legacy_config`, if set to `true`, automatically copies the set values of deprecated configuration\noptions, to new ones. If set to `false`, these values have to be set manually if non-default values should be\nused.",
-          "default": true
+          "default": false
         },
         "database": {
           "$ref": "#/$defs/Database",
@@ -284,7 +284,7 @@
         },
         "secure": {
           "type": "boolean",
-          "description": "`secure` indicates whether the cookie is sent to the server only when a request is made with the https: scheme\n(except on localhost)",
+          "description": "`secure` indicates whether the cookie is sent to the server only when a request is made with the https: scheme\n(except on localhost).\n\nNOTE: `secure` must be set to `false` when working on `localhost` and with the Safari browser because it does\nnot store secure cookies on `localhost`.",
           "default": true
         }
       },