GH-27: Enable the Httponly for authorization cookie

ArtyomVancyan · ArtyomVancyan · commit 4009b0c7a82b · 2023-10-13T18:57:53.000+04:00
diff --git a/src/fastapi_oauth2/core.py b/src/fastapi_oauth2/core.py
@@ -132,7 +132,7 @@ async def token_redirect(self, request: Request, **kwargs) -> RedirectResponse:
             value=f"Bearer {access_token}",
             max_age=request.auth.expires,
             expires=request.auth.expires,
-            httponly=request.auth.http,
+            httponly=True,
         )
         return response
 

Original file line number	Diff line number	Diff line change
`@@ -132,7 +132,7 @@ async def token_redirect(self, request: Request, **kwargs) -> RedirectResponse:`
`132`	`132`	`value=f"Bearer {access_token}",`
`133`	`133`	`max_age=request.auth.expires,`
`134`	`134`	`expires=request.auth.expires,`
`135`		`- httponly=request.auth.http,`
	`135`	`+ httponly=True,`
`136`	`136`	`)`
`137`	`137`	`return response`
`138`	`138`