changed cors/cookie settings

diff --git a/backend/server/main.py b/backend/server/main.py
index c358ad34af19ba5dc74db39d17012971165802e0..ab10bfd477a92bf38404e37e6363ccf371ac1bd6 100644 (file)
--- a/backend/server/main.py
+++ b/backend/server/main.py
@@ -15,6 +15,8 @@ app = FastAPI()
 origins = [
     "http://localhost:5173",
     "localhost:5173",
+    "http://192.168.1.35:5173",
+    "192.168.1.35:5173"
 ]
 
 app.add_middleware(
@@ -28,8 +30,5 @@ app.add_middleware(
 app.include_router(users.router, prefix="/users")
 app.include_router(logs.router, prefix="/logs")
 
-@app.get("/")
-async def root():
-    return {"message": "Hello World"}
 
 logger.info("Server started")
\ No newline at end of file

diff --git a/backend/server/routers/users.py b/backend/server/routers/users.py
index ef825ea495b24f27144be4165be9829456b06d3b..36c8b3d01bda23bb4c0c22e59af29f5edc0e1e88 100644 (file)
--- a/backend/server/routers/users.py
+++ b/backend/server/routers/users.py
@@ -39,7 +39,7 @@ async def login(login: Login, response: Response):
     
     # build jwt
     token = create_jwt(user["user_id"], user["username"], derived_key)
-    response.set_cookie(key="token", value=token, httponly=True)
+    response.set_cookie(key="token", value=token, httponly=True, samesite="lax")
     return {"username": user["username"]}
 
 def create_jwt(user_id, username, derived_key):

diff --git a/frontend/src/routes/+layout.svelte b/frontend/src/routes/+layout.svelte
index bd0a3a279744c4dbaf318b118daa5eee0cb3e5d1..879a133118a595dddb7f916faf85df1ee4cfc869 100644 (file)
--- a/frontend/src/routes/+layout.svelte
+++ b/frontend/src/routes/+layout.svelte
@@ -9,7 +9,9 @@
        let inDuration = 150;
        let outDuration = 150;
 
-       let API_URL = dev ? 'http://localhost:8000' : window.location.pathname.replace(/\/+$/, '');
+       let API_URL = dev
+               ? `${window.location.origin.replace(/:5173.*$/gm, '')}:8000`
+               : window.location.pathname.replace(/\/+$/, '');
 
        function logout() {
                axios

diff --git a/frontend/src/routes/+page.svelte b/frontend/src/routes/+page.svelte
index 5587a05050c1cdf2b9c736a65eaff0bbef82acd1..3ff8dc864b8935d5f6eeae51550f9bbfae612c61 100644 (file)
--- a/frontend/src/routes/+page.svelte
+++ b/frontend/src/routes/+page.svelte
@@ -9,7 +9,9 @@
        import { onMount } from 'svelte';
        //import { selectedDate } from './calendar.svelte.js';
 
-       let API_URL = dev ? 'http://localhost:8000' : window.location.pathname.replace(/\/+$/, '');
+       let API_URL = dev
+               ? `${window.location.origin.replace(/:5173.*$/gm, '')}:8000`
+               : window.location.pathname.replace(/\/+$/, '');
 
        axios.interceptors.request.use((config) => {
                config.withCredentials = true;

diff --git a/frontend/src/routes/login/+page.svelte b/frontend/src/routes/login/+page.svelte
index c5af14156496302c84cdca8d34c9012a8b40695e..510252259ffd57f6ac916ea81f85ff075c1d154b 100644 (file)
--- a/frontend/src/routes/login/+page.svelte
+++ b/frontend/src/routes/login/+page.svelte
@@ -19,7 +19,9 @@
        let registration_failed_message = $state('');
        let is_registering = $state(false);
 
-       let API_URL = dev ? 'http://localhost:8000' : window.location.pathname.replace(/\/+$/, '');
+       let API_URL = dev
+               ? `${window.location.origin.replace(/:5173.*$/gm, '')}:8000`
+               : window.location.pathname.replace(/\/+$/, '');
 
        onMount(() => {
                // if params error=440 or error=401, show toast