From 99e82b5ba80c45e0e0800db93f573929ee05feea Mon Sep 17 00:00:00 2001
From: Hassan Abouelela <47495861+HassanAbouelela@users.noreply.github.com>
Date: Sun, 7 Mar 2021 03:05:08 +0300
Subject: Corrects Token Cookie Domain

Removes schema from the token cookie's domain field.

Signed-off-by: Hassan Abouelela <47495861+HassanAbouelela@users.noreply.github.com>
---
 backend/routes/auth/authorize.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/backend/routes/auth/authorize.py b/backend/routes/auth/authorize.py
index e782bcc..d4587f0 100644
--- a/backend/routes/auth/authorize.py
+++ b/backend/routes/auth/authorize.py
@@ -76,11 +76,9 @@ async def set_response_token(
 ) -> None:
 """Helper that handles logic for updating a token in a set-cookie response."""
 origin_url = request.headers.get("origin")
- protocol = request.headers.get("X-Forwarded-Proto") or "https"
- stripped_domain = f"{protocol}://{request.url.netloc}/"
 if origin_url == constants.PRODUCTION_URL:
- domain = stripped_domain
+ domain = request.url.netloc
 samesite = "strict"
 elif not constants.PRODUCTION:
@@ -88,7 +86,7 @@ async def set_response_token(
 samesite = "strict"
 else:
- domain = stripped_domain
+ domain = request.url.netloc
 samesite = "None"
 response.set_cookie(
--
cgit v1.2.3
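Review bot: `request.url.netloc` is still not a safe cookie Domain value in either new assignment (the `if origin_url == constants.PRODUCTION_URL` branch in the first hunk and the `else` branch in the second), because netloc carries the port and any userinfo (`host:port`), and a Domain attribute that does not domain-match the host makes the browser drop the Set-Cookie. If this is a Starlette/FastAPI request, as the API suggests, `request.url` is assembled from the Host header, so the value is client-influenced unless a proxy or trusted-host check pins it. I would use `domain = request.url.hostname` in both places, or preferably a configured constant. If subdomains do not need the token, leaving Domain unset gives a host-only cookie, which is the narrower scope for a credential. The `else` branch also sets `samesite = "None"`, which browsers accept only together with Secure; the `response.set_cookie(` call runs past the end of the hunk, so confirm there that `secure=True` and `httponly=True` are passed.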