[0.9.28] - OAuth/Auth with httpOnly cookie
12
settings.py
12
settings.py
@@ -4,7 +4,7 @@ import datetime
|
||||
import os
|
||||
from os import environ
|
||||
from pathlib import Path
|
||||
from typing import Literal
|
||||
from typing import Literal, cast
|
||||
|
||||
# Корневая директория проекта
|
||||
ROOT_DIR = Path(__file__).parent.absolute()
|
||||
@@ -85,13 +85,19 @@ SESSION_COOKIE_NAME = "session_token"
|
||||
# 🔒 Автоматически определяем HTTPS на основе окружения
|
||||
SESSION_COOKIE_SECURE = os.getenv("HTTPS_ENABLED", "true").lower() in ["true", "1", "yes"]
|
||||
SESSION_COOKIE_HTTPONLY = True
|
||||
SESSION_COOKIE_SAMESITE: Literal["lax", "strict", "none"] = "lax"
|
||||
# 🌐 Для cross-origin SSE на поддоменах
|
||||
SESSION_COOKIE_DOMAIN = os.getenv("SESSION_COOKIE_DOMAIN", ".discours.io") # ✅ Работает для всех поддоменов
|
||||
# ✅ Типобезопасная настройка SameSite для cross-origin
|
||||
_samesite_env = os.getenv("SESSION_COOKIE_SAMESITE", "none")
|
||||
SESSION_COOKIE_SAMESITE: Literal["strict", "lax", "none"] = cast(
|
||||
Literal["strict", "lax", "none"],
|
||||
_samesite_env if _samesite_env in ["strict", "lax", "none"] else "none"
|
||||
)
|
||||
SESSION_COOKIE_MAX_AGE = 30 * 24 * 60 * 60 # 30 дней
|
||||
|
||||
MAILGUN_API_KEY = os.getenv("MAILGUN_API_KEY", "")
|
||||
MAILGUN_DOMAIN = os.getenv("MAILGUN_DOMAIN", "discours.io")
|
||||
|
||||
|
||||
# Search service configuration
|
||||
SEARCH_MAX_BATCH_SIZE = int(os.environ.get("SEARCH_MAX_BATCH_SIZE", "25"))
|
||||
SEARCH_CACHE_ENABLED = bool(os.environ.get("SEARCH_CACHE_ENABLED", "true").lower() in ["true", "1", "yes"])
|
||||
|
||||
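Review bot: The new SameSite block in settings.py fails open: both the default for `SESSION_COOKIE_SAMESITE` and the fallback for an unrecognised value are `"none"`, the most permissive setting, so a typo or a capitalised `None` in the environment silently leaves the session cookie attached to every cross-site request, and `cast` only informs the type checker and validates nothing at runtime. Subdomains of one registrable domain are already same-site, so the cross-origin SSE case named in the comment should work with `lax` provided all clients live under the configured cookie domain; I would default and fall back to `"lax"` and normalise the input, `_samesite_env = os.getenv("SESSION_COOKIE_SAMESITE", "lax").strip().lower()`. Current browsers generally reject `SameSite=None` cookies that lack `Secure`, so `HTTPS_ENABLED=false` together with `none` would drop the session cookie; raising at import time on that combination would make the misconfiguration visible. The `.discours.io` default for `SESSION_COOKIE_DOMAIN` sends the session token to every subdomain, which deserves a comment beside it stating that all hosts under that domain must be trusted to receive it.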