fix: secure cookies for integration
This commit is contained in:
parent
e76573d880
commit
9f3af5ab48
1 changed files with 4 additions and 4 deletions
|
|
@ -17,10 +17,10 @@ ALGORITHM = APP_CONFIG.get("Auth_ALGORITHM")
|
|||
ACCESS_TOKEN_EXPIRE_MINUTES = int(APP_CONFIG.get("APP_TOKEN_EXPIRY"))
|
||||
REFRESH_TOKEN_EXPIRE_DAYS = int(APP_CONFIG.get("APP_REFRESH_TOKEN_EXPIRY", "7"))
|
||||
|
||||
# Cookie security settings - use secure cookies only in production (HTTPS)
|
||||
# In development (HTTP), secure=True would prevent cookies from being set/cleared properly
|
||||
ENV_TYPE = APP_CONFIG.get("APP_ENV_TYPE", "dev")
|
||||
USE_SECURE_COOKIES = ENV_TYPE in ["prod", "production"]
|
||||
# Cookie security settings - use secure cookies based on whether API uses HTTPS
|
||||
# Cookies must have secure=True on HTTPS sites, secure=False on HTTP sites
|
||||
APP_API_URL = APP_CONFIG.get("APP_API_URL", "http://localhost:8000")
|
||||
USE_SECURE_COOKIES = APP_API_URL.startswith("https://") if APP_API_URL else False
|
||||
|
||||
|
||||
def createAccessToken(data: dict, expiresDelta: Optional[timedelta] = None) -> Tuple[str, "datetime"]:
|
||||
|
|
|
|||
Loading…
Reference in a new issue