From 4009b0c7a82b9b55fd41c7a612e461e054959804 Mon Sep 17 00:00:00 2001
From: Artyom Vancyan
Date: Fri, 13 Oct 2023 18:57:53 +0400
Subject: [PATCH 1/3] GH-27: Enable the `Httponly` for authorization cookie

---
 src/fastapi_oauth2/core.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/fastapi_oauth2/core.py b/src/fastapi_oauth2/core.py
index 14917e4..e882567 100644
--- a/src/fastapi_oauth2/core.py
+++ b/src/fastapi_oauth2/core.py
@@ -132,7 +132,7 @@ async def token_redirect(self, request: Request, **kwargs) -> RedirectResponse:
 value=f"Bearer {access_token}",
 max_age=request.auth.expires,
 expires=request.auth.expires,
- httponly=request.auth.http,
+ httponly=True,
 )
 return response

From 2b46e6ad846b52ee6c5633d4d99e047bf7ff8aa0 Mon Sep 17 00:00:00 2001
From: Artyom Vancyan
Date: Fri, 13 Oct 2023 18:58:31 +0400
Subject: [PATCH 2/3] GH-27: Set the appropriate `Secure` value for authorization cookie

---
 src/fastapi_oauth2/core.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/fastapi_oauth2/core.py b/src/fastapi_oauth2/core.py
index e882567..1eb6c59 100644
--- a/src/fastapi_oauth2/core.py
+++ b/src/fastapi_oauth2/core.py
@@ -132,6 +132,7 @@ async def token_redirect(self, request: Request, **kwargs) -> RedirectResponse:
 value=f"Bearer {access_token}",
 max_age=request.auth.expires,
 expires=request.auth.expires,
+ secure=not request.auth.http,
 httponly=True,
 )
 return response

From c987c1cbb22b7ac54b009e0286159bc08865b658 Mon Sep 17 00:00:00 2001
From: Artyom Vancyan
Date: Fri, 13 Oct 2023 18:59:13 +0400
Subject: [PATCH 3/3] Upgrade the version to `1.0.0-beta.3`

---
 src/fastapi_oauth2/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/fastapi_oauth2/__init__.py b/src/fastapi_oauth2/__init__.py
index 80256cd..81a2814 100644
--- a/src/fastapi_oauth2/__init__.py
+++ b/src/fastapi_oauth2/__init__.py
@@ -1 +1 @@
-__version__ = "1.0.0-beta.2"
+__version__ = "1.0.0-beta.3"
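Review bot: The cookie arguments visible in the [PATCH 1/3] hunk of `token_redirect` set `httponly=True` but no `samesite`, so cross-site sending of the bearer-token cookie is left to the framework default. With HttpOnly on, the browser attaches this credential automatically and page scripts no longer handle it, which makes SameSite the attribute that limits cross-site requests carrying it. If this is Starlette's `set_cookie`, the default is `lax`; stating it in the call, `samesite="lax",`, keeps that from changing silently with a framework upgrade. The call's opening and the start of the function are outside the hunk, so an earlier argument may already cover this.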
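Review bot: In the [PATCH 2/3] hunk, `secure=not request.auth.http,` makes the Secure attribute depend on a single configuration flag, so a deployment that serves HTTPS but still has that flag enabled issues the bearer-token cookie without Secure. The flag's meaning is not visible here; from the commit subject it appears to mean that plain HTTP is allowed. Setting Secure whenever the request itself arrived over TLS would close that gap: `secure=request.url.scheme == "https" or not request.auth.http,`. Behind a TLS-terminating proxy the scheme is only right if forwarded headers are honoured, so a comment such as `# Secure is dropped only for plain-HTTP development setups` would also help. `token_redirect` begins outside the hunk.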