Sets Token Cookie To Same Site To Lax

Sets the authorization token cookie's security policy to lax, to allow it to work on the site. Signed-off-by: Hassan Abouelela <[email protected]>
author: Hassan Abouelela <[email protected]> 2021-03-06 23:19:08 +0300
committer: Hassan Abouelela <[email protected]> 2021-03-06 23:19:08 +0300
commit: 013ea9006352ed714cbbd561880770062ea3a0e9 (patch)
tree: 0cf23deeb078b91824b2ec72e75b2803be263613 /backend/routes/forms
parent: Merge pull request #58 from python-discord/token-expiry (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/backend/routes/forms/submit.py b/backend/routes/forms/submit.py
index 8680b2d..8803b7c 100644
--- a/backend/routes/forms/submit.py
+++ b/backend/routes/forms/submit.py
@@ -76,7 +76,7 @@ class SubmitForm(Route):
 
                     response.set_cookie(
                         "token", f"JWT {request.user.token}",
-                        secure=constants.PRODUCTION, httponly=True, samesite="strict",
+                        secure=constants.PRODUCTION, httponly=True, samesite="lax",
                         max_age=(expiry - datetime.datetime.now()).seconds
                     )
author	Hassan Abouelela <[email protected]>	2021-03-06 23:19:08 +0300
committer	Hassan Abouelela <[email protected]>	2021-03-06 23:19:08 +0300
commit	013ea9006352ed714cbbd561880770062ea3a0e9 (patch)
tree	0cf23deeb078b91824b2ec72e75b2803be263613 /backend/routes/forms
parent	Merge pull request #58 from python-discord/token-expiry (diff)