Spaces:

Legal-Assistant
/

LawBot

Running

Vishwanath77 commited on 28 days ago

Commit

063acf6

verified ·

1 Parent(s): ef94197

Upload app.py

Files changed (1) hide show

src/apps/app.py CHANGED Viewed

@@ -173,14 +173,14 @@ async def login(response: Response, user: UserLogin, db: AsyncSession = Depends(
     access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
     access_token = create_access_token(data={"sub": db_user.username, "role": db_user.role}, expires_delta=access_token_expires)
-    # Set secure cookie
     response.set_cookie(
         key="access_token",
         value=access_token,
         httponly=True,
         max_age=ACCESS_TOKEN_EXPIRE_MINUTES * 60,
-        samesite="lax",
-        secure=True  # Required for Hugging Face HTTPS
     )
     print(f"Login successful for {db_user.username}, role: {db_user.role}")
@@ -196,7 +196,7 @@ async def login(response: Response, user: UserLogin, db: AsyncSession = Depends(
 async def logout(response: Response):
     response.delete_cookie(
         key="access_token",
-        samesite="lax",
         secure=True
     )
     return {"message": "Logged out successfully"}

     access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
     access_token = create_access_token(data={"sub": db_user.username, "role": db_user.role}, expires_delta=access_token_expires)
+    # Set secure cookie - use samesite="none" for Hugging Face iframes
     response.set_cookie(
         key="access_token",
         value=access_token,
         httponly=True,
         max_age=ACCESS_TOKEN_EXPIRE_MINUTES * 60,
+        samesite="none",
+        secure=True  # Required for Hugging Face HTTPS and samesite="none"
     )
     print(f"Login successful for {db_user.username}, role: {db_user.role}")
 async def logout(response: Response):
     response.delete_cookie(
         key="access_token",
+        samesite="none",
         secure=True
     )
     return {"message": "Logged out successfully"}