Skip to content

Commit f1607ce

Browse files
authored
Merge pull request #26 from denvudd/fix/google-oauth
fix(cookies): update cookie settings to use dynamic samesite attribut…
2 parents 82fb174 + 419a726 commit f1607ce

1 file changed

Lines changed: 6 additions & 5 deletions

File tree

apps/api/app/core/cookies.py

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,21 +4,22 @@
44

55

66
def set_auth_cookies(response: Response, access_token: str, refresh_token: str) -> None:
7-
secure = settings.ENVIRONMENT == "production"
7+
is_prod = settings.ENVIRONMENT == "production"
8+
samesite = "none" if is_prod else "lax"
89
response.set_cookie(
910
key="access_token",
1011
value=access_token,
1112
httponly=True,
12-
secure=secure,
13-
samesite="lax",
13+
secure=is_prod,
14+
samesite=samesite,
1415
max_age=settings.ACCESS_TOKEN_EXPIRE_MINUTES * 60,
1516
)
1617
response.set_cookie(
1718
key="refresh_token",
1819
value=refresh_token,
1920
httponly=True,
20-
secure=secure,
21-
samesite="lax",
21+
secure=is_prod,
22+
samesite=samesite,
2223
max_age=settings.REFRESH_TOKEN_EXPIRE_DAYS * 24 * 60 * 60,
2324
path="/api/auth/refresh",
2425
)

0 commit comments

Comments
 (0)