tlong-ds commited on
Commit
3dfabb3
·
verified ·
1 Parent(s): 96f7504

Update services/api/db/auth.py

  1. services/api/db/auth.py +8 -5
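--- a/services/api/db/auth.py
+++ b/services/api/db/auth.py
@@ -40,7 +40,9 @@ app.add_middleware(
  "http://localhost:3000",
  "http://127.0.0.1:3000",
  "https://tlong-ds.github.io",
- "https://tlong-ds.github.io/thelearninghouse/"
+ "https://tlong-ds.github.io/thelearninghouse/",
+ "https://*.hf.space",
+ "https://*.huggingface.co"
  ],
  allow_credentials=True,
  allow_methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],
@@ -156,14 +158,15 @@ async def login(response: Response, payload: LoginPayload):
  print(f"Authentication successful for: {payload.username}")
 
  token = create_token(user_data)
+ # Set cookie with less restrictive settings for cross-origin
  response.set_cookie(
  key="auth_token",
  value=token,
- httponly=False, # Cookie cannot be accessed by JavaScript
- samesite="Lax", # More secure than None
- secure=True, # Only send cookie over HTTPS
+ httponly=False,
+ samesite="None", # Allow cross-site cookie
+ secure=True,
  path="/",
- max_age=604800 # 7 days
+ max_age=604800
  )
  return {
  "message": f"Login successful for {user_data['username']}",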
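Review bot: The `auth_token` cookie is still set with `httponly=False` (new line 165), so the session token stays readable from page scripts, and now that `samesite="None"` (new line 166) it is attached to every cross-site request as well, which leaves the CORS allowlist as the only barrier between a third-party origin and an authenticated call; unless the frontend really reads the token out of `document.cookie`, this should be `httponly=True,  # token is only ever sent by the browser, never read by scripts`, and if it must stay False the `# Set cookie with less restrictive settings for cross-origin` comment should name that trade-off rather than just "less restrictive". The old `# Cookie cannot be accessed by JavaScript` comment was already the opposite of what `httponly=False` does, so the rewrite is a good moment to make the intent explicit. In the first hunk, `"https://*.hf.space"` and `"https://*.huggingface.co"` look like glob patterns, but if `app.add_middleware(` is Starlette/FastAPI's `CORSMiddleware`, `allow_origins` entries are compared literally and these two strings will match no real `Origin` header; wildcard subdomains belong in `allow_origin_regex`, e.g. `allow_origin_regex=r"https://.*\.(hf\.space|huggingface\.co)"`, with the two literal entries dropped. The `login` function begins before this hunk and its body continues after it.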