Fix cross-subdomain cookie for iOS Safari

Change SameSite from Lax to None to allow cookie to be sent
when navigating between L1 and L2 subdomains. iOS Safari's
Intelligent Tracking Prevention may block Lax cookies.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
gilesb
2026-01-09 16:54:29 +00:00
parent d72b5e0e50
commit f2397e0a73


@@ -417,7 +417,7 @@ async def ui_login_submit(request: Request):
value=token.access_token,
httponly=True,
max_age=60 * 60 * 24 * 30, # 30 days
samesite="lax",
samesite="none",
domain=COOKIE_DOMAIN, # Share across subdomains
secure=True # Required for cross-subdomain cookies
)
@@ -503,7 +503,7 @@ async def ui_register_submit(request: Request):
value=token.access_token,
httponly=True,
max_age=60 * 60 * 24 * 30, # 30 days
samesite="lax",
samesite="none",
domain=COOKIE_DOMAIN, # Share across subdomains
secure=True # Required for cross-subdomain cookies
)
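Review bot: Setting `samesite="none"` on the access-token cookie in ui_login_submit, and identically in ui_register_submit, makes the browser attach this 30-day, domain-wide session token to every cross-site request, which removes the SameSite defence against CSRF; nothing visible in either hunk adds a CSRF token or Origin check to compensate. Hosts under one registrable domain are same-site, so a Lax cookie with `domain=COOKIE_DOMAIN` should already be sent when navigating between the two subdomains, and the Safari failure may have another cause (worth confirming that COOKIE_DOMAIN covers both hosts before relaxing the attribute). If None has to stay, the state-changing routes need explicit CSRF protection, and the trailing comment should say why Secure is now mandatory: `secure=True  # Required by browsers when SameSite=None`. Both functions start and end outside the hunks, so any compensating checks elsewhere in them are not visible here.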