As of starlette==0.13.2 and fastapi==0.52.0, Starlette's response.set_cookie() does not support the 'samesite' flag, so I add it manually as follows:
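def _with_samesite_none(cookie: str) -> str:
    """Return *cookie* with ``SameSite=None`` (and ``Secure``) appended if it has no SameSite.

    A cookie that already declares any SameSite policy is returned unchanged:
    appending a second SameSite attribute would leave two conflicting
    policies in one header, and a ``Lax``/``Strict`` cookie set elsewhere
    could end up relaxed to ``None``.
    """
    # Skip the leading "name=value" pair and look at attribute names only,
    # case-insensitively ("samesite=lax" and "SameSite=Lax" are the same).
    attribute_names = {
        part.partition("=")[0].strip().lower()
        for part in cookie.split(";")[1:]
    }
    if "samesite" in attribute_names:
        return cookie
    if "secure" not in attribute_names:
        # Browsers that enforce "SameSite=None requires Secure" drop the whole
        # Set-Cookie otherwise. That includes the deletion cookie produced by
        # delete_cookie(), which carries no Secure flag, so the old
        # Authorization cookie would never be cleared.
        cookie += "; Secure"
    return cookie + "; SameSite=None"


@app.middleware("http")
async def cookie_set(request: Request, call_next):
    """Set or clear the ``Authorization`` cookie and add ``SameSite=None`` to cookies.

    After the downstream handler has produced the response:

    * if ``request.user.set_response_cookie`` is truthy, its ``"jwt"`` and
      ``"expires"`` entries are written to an HttpOnly, Secure cookie;
    * otherwise the ``Authorization`` cookie is deleted.

    Every ``Set-Cookie`` header on the response that does not already declare
    a SameSite policy then gets ``SameSite=None`` (plus ``Secure`` if missing).

    NOTE(review): assumes an authentication layer populates ``request.user``
    and that the user object exposes ``set_response_cookie``; neither is
    shown here, so confirm against the auth backend.

    NOTE(review): ``SameSite=None`` means the browser attaches the cookie to
    cross-site requests, so endpoints authenticated by this cookie need their
    own CSRF defence (origin check or anti-CSRF token). The rewrite also
    touches cookies set by other handlers; restrict it to ``Authorization``
    if only that cookie has to travel cross-site.
    """
    response = await call_next(request)

    if request.user and request.user.set_response_cookie:
        token = request.user.set_response_cookie
        response.set_cookie(
            key="Authorization",
            value=token["jwt"].decode("utf-8"),
            expires=token["expires"],
            httponly=True,
            path="/",
            secure=True,
        )
    else:
        response.delete_cookie(key="Authorization", path="/")

    # set_cookie() has no samesite parameter in this Starlette version, so the
    # attribute is patched into the raw headers. latin-1 is used for the
    # round trip because it maps every byte value, so decoding cannot fail.
    for idx, (name, value) in enumerate(response.raw_headers):
        if name.decode("latin-1").lower() != "set-cookie":
            continue
        patched = _with_samesite_none(value.decode("latin-1"))
        response.raw_headers[idx] = (name, patched.encode("latin-1"))

    return response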
As of starlette==0.13.2 and fastapi==0.52.0, Starlette's response.set_cookie() does not support the 'samesite' flag, so I add it manually as shown above.
Is this okay?