From 9103118326829ca631acc62bebbbcfa1361ce8a7 Mon Sep 17 00:00:00 2001
From: jasquat
Date: Thu, 12 Jan 2023 11:50:11 -0500
Subject: [PATCH] set the domain for the token cookies w/ burnettk
---
 src/spiffworkflow_backend/routes/user.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/spiffworkflow_backend/routes/user.py b/src/spiffworkflow_backend/routes/user.py
index cc7c9bd4..e461def9 100644
--- a/src/spiffworkflow_backend/routes/user.py
+++ b/src/spiffworkflow_backend/routes/user.py
@@ -2,6 +2,7 @@ import ast
 import base64
 import json
+import re
 from typing import Any
 from typing import Dict
 from typing import Optional
@@ -177,16 +178,20 @@ def set_new_access_token_in_cookie(
 It will also delete the cookies if the user has logged out.
 """
 tld = current_app.config["THREAD_LOCAL_DATA"]
+ domain_for_frontend_cookie: Optional[str] = re.sub(r"^https?:\/\/", '', current_app.config['SPIFFWORKFLOW_FRONTEND_URL'])
+ if domain_for_frontend_cookie and domain_for_frontend_cookie.startswith('localhost'):
+ domain_for_frontend_cookie = None
+
 if hasattr(tld, "new_access_token") and tld.new_access_token:
- response.set_cookie("access_token", tld.new_access_token)
+ response.set_cookie("access_token", tld.new_access_token, domain=domain_for_frontend_cookie)
 # id_token is required for logging out since this gets passed back to the openid server
 if hasattr(tld, "new_id_token") and tld.new_id_token:
- response.set_cookie("id_token", tld.new_id_token)
+ response.set_cookie("id_token", tld.new_id_token, domain=domain_for_frontend_cookie)
 if hasattr(tld, "user_has_logged_out") and tld.user_has_logged_out:
- response.set_cookie("id_token", "", max_age=0)
- response.set_cookie("access_token", "", max_age=0)
+ response.set_cookie("id_token", "", max_age=0, domain=domain_for_frontend_cookie)
+ response.set_cookie("access_token", "", max_age=0, domain=domain_for_frontend_cookie)
 _clear_auth_tokens_from_thread_local_data()
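Review bot: Stripping only the scheme with `re.sub(r"^https?:\/\/", '', ...)` in the second hunk leaves any port or path from SPIFFWORKFLOW_FRONTEND_URL in the cookie Domain attribute (e.g. a constructed `app.example.com:7001`), and browsers generally discard a cookie whose Domain does not match the request host, so for a non-localhost frontend configured with a port neither the token cookies nor the `max_age=0` deletions on logout would take effect. Parsing the host instead, `frontend_host = urlparse(current_app.config['SPIFFWORKFLOW_FRONTEND_URL']).hostname` followed by `domain_for_frontend_cookie: Optional[str] = None if frontend_host in (None, 'localhost') else frontend_host`, with `from urllib.parse import urlparse` in place of the `import re` added in the first hunk (if `re` is not used elsewhere in the file), yields a bare lowercase host and makes the localhost check exact rather than a prefix match. An explicit Domain also turns these from host-only cookies into cookies sent to every subdomain of that host, so a one-line comment such as `# Domain is set so the frontend host can read the tokens; this also exposes them to all subdomains` would record that the widening is intended, which the change appears to assume. Because these cookies carry the access and id tokens, passing `secure=True` and a `samesite` value on the same `set_cookie` calls is worth considering here, unless the frontend still needs them over plain HTTP. set_new_access_token_in_cookie's signature and the start of its docstring are outside the hunk.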