| author | 2021-03-07 03:05:08 +0300 | |
|---|---|---|
| committer | 2021-03-07 03:05:08 +0300 | |
| commit | 99e82b5ba80c45e0e0800db93f573929ee05feea (patch) | |
| tree | eaf51dd85f4f71424c978c61bf5f2cbac22b91b4 /backend | |
| parent | Switches Forwarded Protocol Header (diff) | |
Corrects Token Cookie Domain
Removes the scheme from the token cookie's domain field.
Signed-off-by: Hassan Abouelela <[email protected]>
Diffstat (limited to '')
| -rw-r--r-- | backend/routes/auth/authorize.py | 6 | 
1 files changed, 2 insertions, 4 deletions
| diff --git a/backend/routes/auth/authorize.py b/backend/routes/auth/authorize.py
index e782bcc..d4587f0 100644
--- a/backend/routes/auth/authorize.py
+++ b/backend/routes/auth/authorize.py
@@ -76,11 +76,9 @@ async def set_response_token(
 ) -> None:
     """Helper that handles logic for updating a token in a set-cookie response."""
     origin_url = request.headers.get("origin")
-    protocol = request.headers.get("X-Forwarded-Proto") or "https"
-    stripped_domain = f"{protocol}://{request.url.netloc}/"
     if origin_url == constants.PRODUCTION_URL:
-        domain = stripped_domain
+        domain = request.url.netloc
         samesite = "strict"
     elif not constants.PRODUCTION:
@@ -88,7 +86,7 @@ async def set_response_token(
         samesite = "strict"
     else:
-        domain = stripped_domain
+        domain = request.url.netloc
         samesite = "None"
     response.set_cookie( | 
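Review bot: `request.url.netloc` keeps the port (and any userinfo) when the request URL has one, so `domain = request.url.netloc` in the production branch, and again in the `else:` branch of the second hunk, can hand `set_cookie` a value such as `localhost:8000` (constructed example), which is not a valid cookie Domain attribute and is likely to make browsers ignore the attribute or reject the token cookie. Using the host alone, `domain = request.url.hostname`, avoids that. If this is a Starlette request the value is also built from the client-supplied Host header, so a configured constant for the cookie domain would be more robust than echoing the request; whether a proxy pins Host is not visible here. The `response.set_cookie(` call and the rest of `set_response_token` lie outside the hunk, so it cannot be confirmed from this page that `secure=True` accompanies `samesite = "None"`, which browsers require for the cookie to be accepted.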
