aboutsummaryrefslogtreecommitdiffstats
path: root/backend/routes/forms
diff options
context:
space:
mode:
authorGravatar Joe Banks <[email protected]>2021-03-06 21:21:26 +0000
committerGravatar GitHub <[email protected]>2021-03-06 21:21:26 +0000
commit606db35c813f807fe9d06130ad8482da933a050a (patch)
treece5b0f0499be2b0caee1fb3a03fd1cd58e6a2dee /backend/routes/forms
parentRevert "Sets Token Cookie To Same Site To Lax" (diff)
parentMakes Helper To Handle Token SameSite Logic (diff)
Merge pull request #68 from python-discord/dynamic-token-origin
Fixes SameSite For Deploy Previews
Diffstat (limited to 'backend/routes/forms')
-rw-r--r--backend/routes/forms/submit.py9
1 files changed, 4 insertions, 5 deletions
diff --git a/backend/routes/forms/submit.py b/backend/routes/forms/submit.py
index 8680b2d..975307b 100644
--- a/backend/routes/forms/submit.py
+++ b/backend/routes/forms/submit.py
@@ -20,6 +20,7 @@ from backend import constants
from backend.authentication.user import User
from backend.models import Form, FormResponse
from backend.route import Route
+from backend.routes.auth.authorize import set_response_token
from backend.routes.forms.unittesting import execute_unittest
from backend.validation import ErrorMessage, api
@@ -74,11 +75,9 @@ class SubmitForm(Route):
except ValueError:
expiry = None
- response.set_cookie(
- "token", f"JWT {request.user.token}",
- secure=constants.PRODUCTION, httponly=True, samesite="strict",
- max_age=(expiry - datetime.datetime.now()).seconds
- )
+ origin = request.headers.get("origin")
+ expiry_seconds = (expiry - datetime.datetime.now()).seconds
+ await set_response_token(response, origin, request.user.token, expiry_seconds)
except httpx.HTTPStatusError:
pass
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-19 19:03:56 +0000