Try again with headers

UW-Macrostrat · Oct 18, 2024 · 409c0e6 · 409c0e6
1 parent d63ec8c
commit 409c0e6
Showing 1 changed file with 15 additions and 6 deletions.
diff --git a/api/routes/security.py b/api/routes/security.py
@@ -301,20 +301,29 @@ async def redirect_callback(code: str, state: Optional[str] = None):
             response = RedirectResponse(state if state else "/")
             redirect_domain = urllib.parse.urlparse(state).netloc
 
-            details = dict(
+            # Set a cookie for the API domain
+            response.set_cookie(
                 key=access_token_key,
                 value=f"Bearer {access_token}",
                 httponly=True,
+                domain=domain,
                 samesite="lax",
             )
-
-            # Set a cookie for the API domain
-            response.set_cookie(**details, domain=domain)
             # Set the same cookie for localhost if we're doing a redirect to another domain (this is likely a dev mode request)
             # We may want to restrict this to development environments in the future...
             # if redirect_domain not in [domain, ""]:
-            response.set_cookie(**details, domain="localhost")
-            response.set_cookie(**details)
+            response.set_cookie(
+                key=access_token_key,
+                value=f"Bearer {access_token}",
+                httponly=True,
+                domain="localhost",
+                samesite="lax",
+            )
+            response.set_cookie(
+                key=access_token_key,
+                value=f"Bearer {access_token}",
+                httponly=True,
+            )
 
             return response