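--- a/backend/app/api/endpoints
+++ b/backend/app/api/endpoints
@@ -78,15 +78,15 @@ def set_auth_cookie(response: Response, token: str) -> None:
 
 - httpOnly: JS からアクセス不可 → XSS によるトークン盗取を防止
 - Secure: HTTPS 経由のみ送信(開発環境では localhost のため False でも可)
-- SameSite=Lax: CSRF 対策(外部サイトからの POST リクエストでは送信しない)
+- SameSite=None: 異なるドメイン間(Vercel ↔ Render)でCookie送信
 """
 is_https = urlparse (settings .FRONTEND_URL ).scheme == "https"
 response .set_cookie (
 key = AUTH_COOKIE_NAME ,
 value = token ,
 httponly = True ,
 secure = is_https ,
-samesite = "lax" ,
+samesite = "none" if is_https else " lax" ,
 max_age = settings .JWT_EXPIRE_HOURS * 3600 ,
 path = "/" ,
 )
@@ -176,7 +176,7 @@ def github_login() -> RedirectResponse:
 value = state ,
 httponly = True ,
 secure = is_https ,
-samesite = "lax" ,
+samesite = "none" if is_https else " lax" ,
 max_age = 600 , # 10分(HMAC ウィンドウと同期)
 path = "/" ,
 )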
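Review bot: With `samesite = "none"` the auth cookie written by set_auth_cookie is now attached to cross-site requests, including POSTs from any origin, so the CSRF protection the removed docstring line credited to Lax is gone and nothing in the hunk replaces it; the docstring should state this and name the replacement, e.g. `- SameSite=None: cross-site cookie sending (Vercel ↔ Render); CSRF protection no longer comes from SameSite — relies on CORS origin allow-listing / Origin checks`. Confirm the backend's CORS configuration allow-lists the frontend origin with credentials rather than a wildcard, since the cookie attribute itself no longer limits which sites can send authenticated requests. For the state cookie in github_login (second hunk), a top-level GET redirect back from the OAuth provider already carries a Lax cookie, so `"none"` there appears to widen exposure without need — verify the callback actually requires it. In both hunks the fallback literal renders as `" lax"` with a leading space; if that space is in the source and not a rendering artifact, the samesite validation in set_cookie will likely reject it, so check the literal is `"lax"`. Both enclosing functions start outside the hunks.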