fixed csrf test and a bug

backend/tests/unit/middleware/csrf.test.js

@@ -363,7 +363,7 @@ describe('CSRF Middleware', () => {
 
       expect(res.cookie).toHaveBeenCalledWith('csrf-token', 'mock-token-123', {
         httpOnly: true,
-        secure: true,
+        secure: false,
         sameSite: 'strict',
         maxAge: 60 * 60 * 1000
       });
@@ -376,7 +376,7 @@ describe('CSRF Middleware', () => {
 
       expect(res.cookie).toHaveBeenCalledWith('csrf-token', 'mock-token-123', {
         httpOnly: true,
-        secure: true,
+        secure: false,
         sameSite: 'strict',
         maxAge: 60 * 60 * 1000
       });
@@ -440,7 +440,7 @@ describe('CSRF Middleware', () => {
 
       expect(res.cookie).toHaveBeenCalledWith('csrf-token', 'mock-token-123', {
         httpOnly: true,
-        secure: true,
+        secure: false,
         sameSite: 'strict',
         maxAge: 60 * 60 * 1000
       });

frontend/src/components/TwoFactor/RecoveryCodesDisplay.tsx

@@ -27,7 +27,7 @@ const RecoveryCodesDisplay: React.FC<RecoveryCodesDisplayProps> = ({
 
   const handleDownload = () => {
     if (
-      !confirm(
+      !window.confirm(
         "Warning: This will create an unencrypted file on your device. " +
         "Consider using a password manager instead. Continue?"
       )
@@ -48,7 +48,7 @@ const RecoveryCodesDisplay: React.FC<RecoveryCodesDisplayProps> = ({
 
   const handlePrint = () => {
     if (
-      !confirm(
+      !window.confirm(
         "Warning: Printed documents can be easily compromised. " +
         "Consider using a password manager instead. Continue?"
       )