We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
@jwb and @osteele discussed using the cookie-based authentication documented here for single-sign-on across olin.build subdomains.
olin.build
For this to work, something like this would be necessary:
In abe/auth/__init__.py, modify:
abe/auth/__init__.py
response.set_cookie('app_secret', shared_secret) to: response.set_cookie('name', 'value', domain=os.environ.get('AUTH_COOKIE_DOMAIN', None))
response.set_cookie('app_secret', shared_secret)
response.set_cookie('name', 'value', domain=os.environ.get('AUTH_COOKIE_DOMAIN', None))
Document AUTH_COOKIE_DOMAIN as appropriate.
AUTH_COOKIE_DOMAIN
Set AUTH_COOKIE_DOMAIN to olin.build in production (but, probably not, dev).
Questions:
Does response.set_cookie accept domain=None, or does it need a different value in order suppress the domain?
response.set_cookie
domain=None
Will this break clients that aren't served from *.olin.build domain? Maybe the domain should only be set if the referrer is a subdomain.
*.olin.build
The text was updated successfully, but these errors were encountered:
No branches or pull requests
@jwb and @osteele discussed using the cookie-based authentication documented here for single-sign-on across
olin.build
subdomains.For this to work, something like this would be necessary:
In
abe/auth/__init__.py
, modify:response.set_cookie('app_secret', shared_secret)
to:
response.set_cookie('name', 'value', domain=os.environ.get('AUTH_COOKIE_DOMAIN', None))
Document
AUTH_COOKIE_DOMAIN
as appropriate.Set
AUTH_COOKIE_DOMAIN
toolin.build
in production (but, probably not, dev).Questions:
Does
response.set_cookie
acceptdomain=None
, or does it need a different value in order suppress the domain?Will this break clients that aren't served from
*.olin.build
domain? Maybe the domain should only be set if the referrer is a subdomain.The text was updated successfully, but these errors were encountered: