Level up the cookie security (GH-29)

ArtyomVancyan · web-flow · commit cc28bdae28b4 · 2023-10-13T19:20:05.000+04:00
diff --git a/src/fastapi_oauth2/__init__.py b/src/fastapi_oauth2/__init__.py
@@ -1 +1 @@
-__version__ = "1.0.0-beta.2"
+__version__ = "1.0.0-beta.3"
diff --git a/src/fastapi_oauth2/core.py b/src/fastapi_oauth2/core.py
@@ -132,7 +132,8 @@ async def token_redirect(self, request: Request, **kwargs) -> RedirectResponse:
             value=f"Bearer {access_token}",
             max_age=request.auth.expires,
             expires=request.auth.expires,
-            httponly=request.auth.http,
+            secure=not request.auth.http,
+            httponly=True,
         )
         return response
 

Original file line number	Diff line number	Diff line change
`@@ -132,7 +132,8 @@ async def token_redirect(self, request: Request, **kwargs) -> RedirectResponse:`
`132`	`132`	`value=f"Bearer {access_token}",`
`133`	`133`	`max_age=request.auth.expires,`
`134`	`134`	`expires=request.auth.expires,`
`135`		`- httponly=request.auth.http,`
	`135`	`+ secure=not request.auth.http,`
	`136`	`+ httponly=True,`
`136`	`137`	`)`
`137`	`138`	`return response`
`138`	`139`