Fix: Auth-Callback setzt Cookie via HTML-Response statt RedirectResponse

Dotty Dotter 2026-04-10 21:27:32 +02:00
parent 0d0c06106a
commit f56c2af5cd


@ -324,15 +324,22 @@ async def auth_callback(request: Request, code: str = "", state: str = ""):
tokens = resp.json() tokens = resp.json()
access_token = tokens.get("access_token", "") access_token = tokens.get("access_token", "")
expires_in = tokens.get("expires_in", 3600)
from fastapi.responses import RedirectResponse # HTML-Response statt RedirectResponse: setzt Cookie UND redirected.
response = RedirectResponse("/") # RedirectResponse mit Set-Cookie wird von manchen Browsern bei
response.set_cookie( # 307/302 ignoriert (insb. hinter Reverse-Proxies).
"access_token", access_token, return HTMLResponse(
httponly=True, secure=True, samesite="lax", f"""<!DOCTYPE html><html><head>
max_age=tokens.get("expires_in", 3600), <meta http-equiv="refresh" content="0;url=/">
</head><body><p>Anmeldung erfolgreich, Weiterleitung...</p></body></html>""",
headers={
"Set-Cookie": (
f"access_token={access_token}; Path=/; Secure; HttpOnly; "
f"SameSite=Lax; Max-Age={expires_in}"
)
},
) )
return response
@app.get("/api/auth/login-url") @app.get("/api/auth/login-url")
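Review bot: The new `Set-Cookie` header is assembled by hand from `access_token` and `expires_in`, both taken straight from the token endpoint's JSON, so a token containing `;` or a non-integer `expires_in` yields a malformed cookie or one with unintended attributes. `set_cookie` is available on every Starlette response, not only `RedirectResponse`, so the HTML body can stay while the cookie is built by the framework: assign the `HTMLResponse` to `response`, call `response.set_cookie("access_token", access_token, httponly=True, secure=True, samesite="lax", max_age=int(expires_in))`, then `return response`. Within the hunk `access_token` still defaults to `""`, so a token response without that key would set an empty cookie and show "Anmeldung erfolgreich"; unless the earlier part of `auth_callback` (outside this hunk) already rejects that case, add `if not access_token:` with an error response before the cookie is set. A `Cache-Control: no-store` header on this response would also keep a caching reverse proxy from storing the page together with its cookie.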