import type { CookieOptions, Request } from "express";
// Loopback identifiers: the conventional hostname plus the IPv4 and IPv6
// loopback literals.
const LOCAL_HOSTS: ReadonlySet<string> = new Set<string>([
  "localhost",
  "127.0.0.1",
  "::1",
]);
/**
 * Rough test for whether a host string looks like an IP literal rather than
 * a DNS name.
 *
 * This is a shape check, not validation. The IPv4 branch accepts any four
 * dot-separated groups of one to three digits, so "999.999.999.999" passes.
 * Any string containing ":" is reported as an address, which includes a
 * "host:port" pair. Do not use the result for allow-listing or access
 * decisions.
 *
 * @param host - Host string to classify.
 * @returns true when the string matches the dotted-quad pattern or contains
 *   a colon, false otherwise.
 */
function isIpAddress(host: string): boolean {
  const dottedQuad = /^\d{1,3}(\.\d{1,3}){3}$/;
  return dottedQuad.test(host) || host.includes(":");
}
/**
 * Decide whether the incoming request should be treated as HTTPS.
 *
 * Returns true when `req.protocol` is "https", or when any entry of the
 * X-Forwarded-Proto header equals "https" (comma-separated, compared
 * case-insensitively after trimming whitespace).
 *
 * NOTE(review): the header is read straight from `req.headers`, so it is
 * honoured whether or not a trusted proxy set it, and a client can supply it
 * directly. In this file the result only turns the cookie's Secure attribute
 * on, which is the restrictive direction. Do not reuse this helper for
 * decisions where a forged "https" would relax a control (for example,
 * skipping an HTTP-to-HTTPS redirect).
 *
 * @param req - Express request being handled.
 * @returns true if the request is considered to have arrived over HTTPS.
 */
function isSecureRequest(req: Request): boolean {
  if (req.protocol === "https") {
    return true;
  }

  const header = req.headers["x-forwarded-proto"];
  if (!header) {
    return false;
  }

  // The header may arrive as one comma-separated string or as an array.
  const entries = Array.isArray(header) ? header : header.split(",");
  for (const entry of entries) {
    if (entry.trim().toLowerCase() === "https") {
      return true;
    }
  }
  return false;
}
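/**
 * Build the attribute set used when setting the session cookie.
 *
 * - `httpOnly: true` keeps the cookie out of reach of page scripts.
 * - `sameSite: "lax"` suits same-origin auth; "none" would only be needed
 *   for cross-site use, which this app does not require.
 * - `secure` is set when the request is detected as HTTPS, and is forced on
 *   when the SPACE_HOST environment variable is present (HuggingFace Spaces,
 *   which is treated as always HTTPS). Over plain HTTP outside Spaces the
 *   cookie is issued without Secure.
 * - `domain` is never set, so the browser scopes the cookie to the exact
 *   host that issued it rather than sharing it with sibling subdomains.
 *
 * @param req - Express request the cookie is being issued for.
 * @returns Cookie options to pass when setting the session cookie.
 */
export function getSessionCookieOptions(
  req: Request
): Pick<CookieOptions, "domain" | "httpOnly" | "path" | "sameSite" | "secure"> {
  const isSecure = isSecureRequest(req);

  // A non-empty SPACE_HOST marks a HuggingFace Spaces deployment.
  const isHfSpaces = Boolean(process.env.SPACE_HOST);

  return {
    httpOnly: true,
    path: "/",
    sameSite: "lax",
    secure: isHfSpaces || isSecure,
  };
}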