AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: force secure cookie in production, reduce max_age to 1 day

Browse source 
Use TESTING env var to detect production instead of relying on
request scheme, and align cookie max_age with JWT expiry (86400s).
This commit is contained in:
ZdenekSrotyr 2026-04-09 16:31:50 +02:00
parent c55dd02196
commit 7bada9f32b
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/auth/providers/google.py
View file

@ -89,12 +89,12 @@ async def google_callback(request: Request):
jwt_token = create_access_token(user["id"], user["email"], user["role"]) jwt_token = create_access_token(user["id"], user["email"], user["role"])
# Redirect to dashboard with token in cookie # Redirect to dashboard with token in cookie
is_https = request.url.scheme == "https" is_production = os.environ.get("TESTING", "").lower() not in ("1", "true")
response = RedirectResponse(url="/dashboard", status_code=302) response = RedirectResponse(url="/dashboard", status_code=302)
response.set_cookie( response.set_cookie(
key="access_token", value=jwt_token, key="access_token", value=jwt_token,
httponly=True, max_age=86400 * 30, samesite="lax", httponly=True, max_age=86400, samesite="lax",
secure=is_https, secure=is_production,
) )
return response return response