From: PhiTux
Date: Mon, 30 Dec 2024 17:58:25 +0000 (+0100)
Subject: changed cors/cookie settings
X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=3cd1f580d0ba2ed3b2cb33fe5ea8ca67380852dc;p=DailyTxT.git
changed cors/cookie settings
---
diff --git a/backend/server/main.py b/backend/server/main.py
index c358ad3..ab10bfd 100644
--- a/backend/server/main.py
+++ b/backend/server/main.py
@@ -15,6 +15,8 @@ app = FastAPI()
 origins = [
 "http://localhost:5173",
 "localhost:5173",
+ "http://192.168.1.35:5173",
+ "192.168.1.35:5173"
 ]
 app.add_middleware(
@@ -28,8 +30,5 @@ app.add_middleware(
 app.include_router(users.router, prefix="/users")
 app.include_router(logs.router, prefix="/logs")
-@app.get("/")
-async def root():
- return {"message": "Hello World"}
 logger.info("Server started")
\ No newline at end of file
diff --git a/backend/server/routers/users.py b/backend/server/routers/users.py
index ef825ea..36c8b3d 100644
--- a/backend/server/routers/users.py
+++ b/backend/server/routers/users.py
@@ -39,7 +39,7 @@ async def login(login: Login, response: Response):
 # build jwt
 token = create_jwt(user["user_id"], user["username"], derived_key)
- response.set_cookie(key="token", value=token, httponly=True)
+ response.set_cookie(key="token", value=token, httponly=True, samesite="lax")
 return {"username": user["username"]}
 def create_jwt(user_id, username, derived_key):
diff --git a/frontend/src/routes/+layout.svelte b/frontend/src/routes/+layout.svelte
index bd0a3a2..879a133 100644
--- a/frontend/src/routes/+layout.svelte
+++ b/frontend/src/routes/+layout.svelte
@@ -9,7 +9,9 @@
 let inDuration = 150;
 let outDuration = 150;
- let API_URL = dev ? 'http://localhost:8000' : window.location.pathname.replace(/\/+$/, '');
+ let API_URL = dev
+ ? `${window.location.origin.replace(/:5173.*$/gm, '')}:8000`
+ : window.location.pathname.replace(/\/+$/, '');
 function logout() {
 axios
diff --git a/frontend/src/routes/+page.svelte b/frontend/src/routes/+page.svelte
index 5587a05..3ff8dc8 100644
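Review bot: The two entries added to `origins` in backend/server/main.py hard-code one developer's LAN address into the CORS allowlist, and the frontend sends credentialed requests (`config.withCredentials = true` in routes/+page.svelte), so that address stays trusted wherever this build is deployed. Reading the allowlist from configuration would keep development hosts out of production, for example `origins = os.environ.get("ALLOWED_ORIGINS", "http://localhost:5173").split(",")` (the variable name is a placeholder). The scheme-less entry `"192.168.1.35:5173"` most likely never matches, because a browser's Origin header always carries the scheme; the existing `"localhost:5173"` has the same problem. The `add_middleware` arguments lie outside this hunk, so whether credentials are enabled there should be confirmed.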
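Review bot: The `token` cookie in `login` (backend/server/routers/users.py) is still set without `secure`, so the JWT is sent over plain HTTP whenever the app is reached without TLS, which the `http://192.168.1.35:5173` origin added in this commit suggests is the case on the LAN. `samesite="lax"` is already Starlette's default for `set_cookie`, so the new argument makes the setting explicit rather than tightening it. I would drive the flag from deployment configuration: `response.set_cookie(key="token", value=token, httponly=True, samesite="lax", secure=COOKIE_SECURE)`, where `COOKIE_SECURE` is a placeholder for a setting that is true outside local development. `login` begins above this hunk.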
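Review bot: The dev-mode `API_URL` in routes/+layout.svelte strips a hard-coded `:5173` from `window.location.origin` with `/:5173.*$/gm`. If the dev server runs on any other port the regex does not match and the result becomes `http://host:PORT:8000`; the `g` and `m` flags also do nothing on a single-line origin. Building the URL from its parts avoids both: `` `${window.location.protocol}//${window.location.hostname}:8000` ``. The same three lines are repeated in routes/+page.svelte and routes/login/+page.svelte, so a shared module exporting `API_URL` would keep the copies from drifting apart.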
--- a/frontend/src/routes/+page.svelte
+++ b/frontend/src/routes/+page.svelte
@@ -9,7 +9,9 @@
 import { onMount } from 'svelte';
 //import { selectedDate } from './calendar.svelte.js';
- let API_URL = dev ? 'http://localhost:8000' : window.location.pathname.replace(/\/+$/, '');
+ let API_URL = dev
+ ? `${window.location.origin.replace(/:5173.*$/gm, '')}:8000`
+ : window.location.pathname.replace(/\/+$/, '');
 axios.interceptors.request.use((config) => {
 config.withCredentials = true;
diff --git a/frontend/src/routes/login/+page.svelte b/frontend/src/routes/login/+page.svelte
index c5af141..5102522 100644
--- a/frontend/src/routes/login/+page.svelte
+++ b/frontend/src/routes/login/+page.svelte
@@ -19,7 +19,9 @@
 let registration_failed_message = $state('');
 let is_registering = $state(false);
- let API_URL = dev ? 'http://localhost:8000' : window.location.pathname.replace(/\/+$/, '');
+ let API_URL = dev
+ ? `${window.location.origin.replace(/:5173.*$/gm, '')}:8000`
+ : window.location.pathname.replace(/\/+$/, '');
 onMount(() => {
 // if params error=440 or error=401, show toast