mirror of
https://github.com/MODSetter/SurfSense.git
synced 2026-05-03 12:52:39 +02:00
Merge pull request #1236 from MODSetter/dev
Some checks are pending
Build and Push Docker Images / tag_release (push) Waiting to run
Build and Push Docker Images / build (./surfsense_backend, ./surfsense_backend/Dockerfile, backend, surfsense-backend, ubuntu-24.04-arm, linux/arm64, arm64) (push) Blocked by required conditions
Build and Push Docker Images / build (./surfsense_backend, ./surfsense_backend/Dockerfile, backend, surfsense-backend, ubuntu-latest, linux/amd64, amd64) (push) Blocked by required conditions
Build and Push Docker Images / build (./surfsense_web, ./surfsense_web/Dockerfile, web, surfsense-web, ubuntu-24.04-arm, linux/arm64, arm64) (push) Blocked by required conditions
Build and Push Docker Images / build (./surfsense_web, ./surfsense_web/Dockerfile, web, surfsense-web, ubuntu-latest, linux/amd64, amd64) (push) Blocked by required conditions
Build and Push Docker Images / create_manifest (backend, surfsense-backend) (push) Blocked by required conditions
Build and Push Docker Images / create_manifest (web, surfsense-web) (push) Blocked by required conditions
Some checks are pending
Build and Push Docker Images / tag_release (push) Waiting to run
Build and Push Docker Images / build (./surfsense_backend, ./surfsense_backend/Dockerfile, backend, surfsense-backend, ubuntu-24.04-arm, linux/arm64, arm64) (push) Blocked by required conditions
Build and Push Docker Images / build (./surfsense_backend, ./surfsense_backend/Dockerfile, backend, surfsense-backend, ubuntu-latest, linux/amd64, amd64) (push) Blocked by required conditions
Build and Push Docker Images / build (./surfsense_web, ./surfsense_web/Dockerfile, web, surfsense-web, ubuntu-24.04-arm, linux/arm64, arm64) (push) Blocked by required conditions
Build and Push Docker Images / build (./surfsense_web, ./surfsense_web/Dockerfile, web, surfsense-web, ubuntu-latest, linux/amd64, amd64) (push) Blocked by required conditions
Build and Push Docker Images / create_manifest (backend, surfsense-backend) (push) Blocked by required conditions
Build and Push Docker Images / create_manifest (web, surfsense-web) (push) Blocked by required conditions
feat: update anonymous chat cookie settings for cross-site compatibility
This commit is contained in:
Rohan Verma
GitHub
commit
ba2a2fd529
1 changed files with 12 additions and 2 deletions
|
|
@ -26,6 +26,16 @@ router = APIRouter(prefix="/api/v1/public/anon-chat", tags=["anonymous-chat"])
|
|||
ANON_COOKIE_NAME = "surfsense_anon_session"
|
||||
ANON_COOKIE_MAX_AGE = config.ANON_TOKEN_QUOTA_TTL_DAYS * 86400
|
||||
|
||||
# Cross-site cookie settings: when the backend runs on a different domain
|
||||
# than the frontend (e.g. api.x.com vs www.y.com), browsers reject
|
||||
# SameSite=Lax cookies on fetch() calls. Use SameSite=None + Secure
|
||||
# in production (HTTPS) so the cookie is sent cross-site.
|
||||
_IS_SECURE_CONTEXT = bool(
|
||||
config.BACKEND_URL and config.BACKEND_URL.startswith("https://")
|
||||
)
|
||||
_COOKIE_SAMESITE: str = "none" if _IS_SECURE_CONTEXT else "lax"
|
||||
_COOKIE_SECURE: bool = _IS_SECURE_CONTEXT
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Helpers
|
||||
|
|
@ -43,8 +53,8 @@ def _get_or_create_session_id(request: Request, response: Response) -> str:
|
|||
value=session_id,
|
||||
max_age=ANON_COOKIE_MAX_AGE,
|
||||
httponly=True,
|
||||
samesite="lax",
|
||||
secure=request.url.scheme == "https",
|
||||
samesite=_COOKIE_SAMESITE,
|
||||
secure=_COOKIE_SECURE,
|
||||
path="/",
|
||||
)
|
||||
return session_id
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue