Fix(Authentication): Fix error causing cookie from Auth0 for login callback method to be blocked by samesite configuration.

2025-07-11 17:35:06 +01:00
parent 4d17a9e143
commit de31150037
1 changed files with 3 additions and 2 deletions
--- a/config.py
+++ b/config.py
@@ -37,9 +37,9 @@ class Config:
        'pool_timeout': 30,
    }
    # Auth0
-    SESSION_COOKIE_SECURE = False
+    SESSION_COOKIE_SECURE = True # depends on is_producction
    SESSION_COOKIE_HTTPONLY = True
-    SESSION_COOKIE_SAMESITE = 'None'
+    SESSION_COOKIE_SAMESITE = 'None' # depends on is_producction
    REMEMBER_COOKIE_SECURE = True
    WTF_CSRF_ENABLED = True
    # WTF_CSRF_CHECK_DEFAULT = False  # We'll check it manually for API routes
@@ -95,6 +95,7 @@ class DevelopmentConfig(Config):
    DEBUG = True
    MAIL_DEBUG = True
    SESSION_COOKIE_SECURE = False
+    SESSION_COOKIE_SAMESITE = 'Lax' # depends on is_producction

 class ProductionConfig(Config):
    is_production = True