💚 fix: update cors

AI-READI · Oct 19, 2023 · 39c0b71 · 39c0b71
1 parent 9e82f3e
commit 39c0b71
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 7 deletions.
diff --git a/apis/authentication.py b/apis/authentication.py
@@ -215,7 +215,7 @@ def validate_is_valid_email(instance):
         resp = make_response(user.to_dict())
 
         resp.set_cookie(
-            "token", encoded_jwt_code, secure=True, httponly=True, samesite="lax"
+            "token", encoded_jwt_code, secure=True, httponly=True, samesite="None"
         )
         resp.status_code = 200
 
@@ -359,7 +359,7 @@ def post(self):
             "",
             secure=True,
             httponly=True,
-            samesite="lax",
+            samesite="None",
             expires=datetime.datetime.now(timezone.utc),
         )
         resp.status_code = 204

diff --git a/app.py b/app.py
@@ -1,10 +1,10 @@
 """Entry point for the application."""
 import datetime
 import importlib
+import logging
 import os
 from datetime import timezone
 
-import logging
 import jwt
 from flask import Flask, request
 from flask_bcrypt import Bcrypt
@@ -69,7 +69,8 @@ def create_app(config_module=None):
             "/*": {
                 "origins": [
                     "http://localhost:3000",
-                    "https://staging.fairhub.io",
+                    "https:\/\/brave-ground-.*-.*.centralus.2.azurestaticapps.net",  # noqa E501 # pylint: disable=line-too-long # pylint: disable=anomalous-backslash-in-string
+                    "https://fairhub.io",
                 ],
             }
         },
@@ -163,7 +164,7 @@ def on_after_request(resp):
                 "",
                 secure=True,
                 httponly=True,
-                samesite="lax",
+                samesite="None",
                 expires=datetime.datetime.now(timezone.utc),
             )
             return resp
@@ -179,13 +180,13 @@ def on_after_request(resp):
             config.FAIRHUB_SECRET,
             algorithm="HS256",
         )
-        resp.set_cookie("token", new_token, secure=True, httponly=True, samesite="lax")
+        resp.set_cookie("token", new_token, secure=True, httponly=True, samesite="None")
 
         app.logger.info("after request")
         app.logger.info(request.headers.get("Origin"))
 
         resp.headers["Access-Control-Allow-Origin"] = request.headers.get("Origin")
-        # resp.headers["Access-Control-Allow-Credentials"] = "true"
+        resp.headers["Access-Control-Allow-Credentials"] = "true"
         # resp.headers[
         #     "Access-Control-Allow-Headers"
         # ] = "Content-Type, Authorization, Access-Control-Allow-Origin,