A lexicon-driven AppView for ATProto. happyview.dev
backfill firehose jetstream atproto appview oauth lexicon

fix: allow session cookies to work cross origin

Trezy 46d98475 fd3ca806

+3 -4
+3 -4
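--- a/src/auth/routes.rs
+++ b/src/auth/routes.rs
@@ -92,13 +92,12 @@
 .unwrap_or_else(|| "/".to_string());
 
 // Set the session cookie
+// Must use SameSite=None for cross-origin requests (e.g., Pentaract calling HappyView)
 let mut session_cookie = Cookie::new(COOKIE_NAME, did.to_string());
 session_cookie.set_path("/");
 session_cookie.set_http_only(true);
-session_cookie.set_same_site(axum_extra::extract::cookie::SameSite::Lax);
-if state.config.public_url.starts_with("https") {
-session_cookie.set_secure(true);
-}
+session_cookie.set_same_site(axum_extra::extract::cookie::SameSite::None);
+session_cookie.set_secure(true); // Required when SameSite=None
 
 // Remove the redirect cookie
 let mut redirect_removal = Cookie::from(REDIRECT_COOKIE_NAME);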
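Review bot: Switching the session cookie to `SameSite::None` at new line 99 removes the browser's built-in cross-site restriction, so the cookie is now attached to requests initiated from any origin, not only the cross-origin client named in the new comment. Nothing in this hunk shows a compensating control; the handlers that trust this cookie are outside the hunk and would need an `Origin` allowlist check or a CSRF token on state-changing routes, plus a credentialed CORS policy that names specific origins rather than reflecting the request's. The cookie value is `did.to_string()`, so it is also worth confirming that the jar it is added to is a signed or private one, which is not visible here. Separately, the unconditional `set_secure(true)` drops the old `public_url` check, so plain-HTTP deployments may stop receiving the cookie; consider `let https = state.config.public_url.starts_with("https");` followed by `session_cookie.set_same_site(if https { SameSite::None } else { SameSite::Lax });` and `session_cookie.set_secure(https);`. The enclosing function begins and ends outside the hunk.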