Commit ·
66e834a
1
Parent(s): b9161fb
Fix iframe cookie issues for HF Spaces
Based on HF official docs about iframe cookie problems:
1. Ensure SameSite=None for iframe cookies in HF Spaces
- Critical for cross-origin iframe cookie support
2. Add target='_blank' to login button
- Opens login in new tab as recommended by HF docs
- Avoids iframe cookie restrictions
3. Add auto-refresh login detection
- JavaScript checks login status every 3s
- Auto-redirects when user is authenticated
- Better UX for iframe login flow
This should fix the session persistence issue we've been seeing.
- backend/app.py +2 -2
- backend/routers/auth.py +22 -2
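--- a/backend/app.py
+++ b/backend/app.py
@@ -72,8 +72,8 @@ if is_huggingface_space():
 app.add_middleware(
 SessionMiddleware,
 secret_key=session_secret,
-max_age=3600, # Shorter expiry for HF Spaces (1 hour)
-same_site="none", #
+max_age=3600, # Shorter expiry for HF Spaces (1 hour)
+same_site="none", # CRITICAL: Required for iframe cookies in HF Spaces
 https_only=True, # HF Spaces uses HTTPS
 # Note: SessionMiddleware doesn't support custom cookie name, using default
 )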
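Review bot: The new comment on `same_site="none"` says why the setting is needed but not what it gives up: with SameSite=None the session cookie is attached to cross-site requests, so the browser no longer provides any CSRF protection for this app. Whether the state-changing routes verify a CSRF token or the `Origin` header is not visible here, so I would at least record the requirement next to the setting, e.g. `# SameSite=None: cookie is sent cross-site; state-changing routes must verify a CSRF token or Origin`. The enclosing `if is_huggingface_space():` branch starts outside the hunk, so the non-Spaces session configuration could not be compared.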
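--- a/backend/routers/auth.py
+++ b/backend/routers/auth.py
@@ -337,13 +337,33 @@ async def login_page(request: Request):
 • Maintains service quality and availability
 </div>
 
-
-
+<p>Please log in with your Hugging Face account to continue.</p>
+<a href="/auth/login" class="login-btn" target="_blank">🚀 Login with Hugging Face</a>
+
+<p style="margin-top: 20px; font-size: 12px; color: #666;">
+<strong>Note:</strong> The login will open in a new tab. After logging in, please close the tab and refresh this page.
+</p>
 
 <p style="margin-top: 30px; font-size: 12px; color: #888;">
 By logging in, you agree to use this service responsibly and in accordance with our usage policies.
 </p>
 </div>
+
+<script>
+// Check for login status every 3 seconds
+setInterval(async function() {
+try {
+const response = await fetch('/auth/status');
+const data = await response.json();
+if (data.user_authenticated) {
+// User is logged in, redirect to main app
+window.location.href = '/';
+}
+} catch (error) {
+console.log('Checking login status...');
+}
+}, 3000);
+</script>
 </body>
 </html>
 """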
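Review bot: The polling script parses whatever `/auth/status` returns and never stops: the result of `fetch('/auth/status')` is not checked with `response.ok`, any failure is logged as 'Checking login status...', and the interval keeps firing every 3 seconds for as long as the page stays open. I would add `if (!response.ok) return;` before `response.json()` and keep the timer id so it can be cleared with `clearInterval` once `data.user_authenticated` is true or after a bounded number of attempts. The new login anchor opens a tab that presumably continues to the Hugging Face sign-in on another origin, so adding `rel="noopener noreferrer"` next to `target="_blank"` makes the opener isolation explicit instead of relying on browser defaults. login_page's body starts before this hunk, so how `/auth/status` itself is protected is not visible.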