set the domain for the token cookies w/ burnettk
This commit is contained in:
parent
3cae7055a1
commit
9103118326
|
@ -2,6 +2,7 @@
|
|||
import ast
|
||||
import base64
|
||||
import json
|
||||
import re
|
||||
from typing import Any
|
||||
from typing import Dict
|
||||
from typing import Optional
|
||||
|
@ -177,16 +178,20 @@ def set_new_access_token_in_cookie(
|
|||
It will also delete the cookies if the user has logged out.
|
||||
"""
|
||||
tld = current_app.config["THREAD_LOCAL_DATA"]
|
||||
domain_for_frontend_cookie: Optional[str] = re.sub(r"^https?:\/\/", '', current_app.config['SPIFFWORKFLOW_FRONTEND_URL'])
|
||||
if domain_for_frontend_cookie and domain_for_frontend_cookie.startswith('localhost'):
|
||||
domain_for_frontend_cookie = None
|
||||
|
||||
if hasattr(tld, "new_access_token") and tld.new_access_token:
|
||||
response.set_cookie("access_token", tld.new_access_token)
|
||||
response.set_cookie("access_token", tld.new_access_token, domain=domain_for_frontend_cookie)
|
||||
|
||||
# id_token is required for logging out since this gets passed back to the openid server
|
||||
if hasattr(tld, "new_id_token") and tld.new_id_token:
|
||||
response.set_cookie("id_token", tld.new_id_token)
|
||||
response.set_cookie("id_token", tld.new_id_token, domain=domain_for_frontend_cookie)
|
||||
|
||||
if hasattr(tld, "user_has_logged_out") and tld.user_has_logged_out:
|
||||
response.set_cookie("id_token", "", max_age=0)
|
||||
response.set_cookie("access_token", "", max_age=0)
|
||||
response.set_cookie("id_token", "", max_age=0, domain=domain_for_frontend_cookie)
|
||||
response.set_cookie("access_token", "", max_age=0, domain=domain_for_frontend_cookie)
|
||||
|
||||
_clear_auth_tokens_from_thread_local_data()
|
||||
|
||||
|
|
Loading…
Reference in New Issue