Update cookie settings in login.py (#1371)

This pull request updates the cookie settings in the login.py file. Specifically, it removes the "secure" and "samesite" attributes from the response.set_cookie() function calls. This change ensures that the cookies are not restricted to secure connections only and are not limited to same-site requests.
langflow-ai · Jan 26, 2024 · 04f5da3 · 04f5da3
2 parents eece7b6 + e63878b
commit 04f5da3
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "langflow"
-version = "0.6.5a11"
+version = "0.6.5a12"
 description = "A Python package with a built-in web application"
 authors = ["Logspace <[email protected]>"]
 maintainers = [

diff --git a/src/backend/langflow/api/v1/login.py b/src/backend/langflow/api/v1/login.py
@@ -33,8 +33,8 @@ async def login_to_get_access_token(
 
     if user:
         tokens = create_user_tokens(user_id=user.id, db=db, update_last_login=True)
-        response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, secure=True)
-        response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, secure=True)
+        response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True)
+        response.set_cookie("access_token_lf", tokens["access_token"], httponly=False)
         return tokens
     else:
         raise HTTPException(
@@ -50,7 +50,7 @@ async def auto_login(
 ):
     if settings_service.auth_settings.AUTO_LOGIN:
         tokens = create_user_longterm_token(db)
-        response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, secure=True, samesite="strict")
+        response.set_cookie("access_token_lf", tokens["access_token"], httponly=False)
         return tokens
 
     raise HTTPException(
@@ -67,8 +67,8 @@ async def refresh_token(request: Request, response: Response):
     token = request.cookies.get("refresh_token_lf")
     if token:
         tokens = create_refresh_token(token)
-        response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, secure=True, samesite="strict")
-        response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, secure=True, samesite="strict")
+        response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True)
+        response.set_cookie("access_token_lf", tokens["access_token"], httponly=False)
         return tokens
     else:
         raise HTTPException(