From 4f2c8cde34a2920892dc8cb722517e1506a415a7 Mon Sep 17 00:00:00 2001
From: anovazzi1
Date: Mon, 19 Feb 2024 11:23:27 -0300
Subject: [PATCH] Update cookie settings for login and token refresh
---
 src/backend/langflow/api/v1/login.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/backend/langflow/api/v1/login.py b/src/backend/langflow/api/v1/login.py
index 076ee4ddb..e867839dd 100644
--- a/src/backend/langflow/api/v1/login.py
+++ b/src/backend/langflow/api/v1/login.py
@@ -33,8 +33,8 @@ async def login_to_get_access_token(
 if user:
 tokens = create_user_tokens(user_id=user.id, db=db, update_last_login=True)
- response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite=None, secure=True)
- response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=None, secure=True)
+ response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite="none", secure=True)
+ response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite="none", secure=True)
 return tokens
 else:
 raise HTTPException(
@@ -50,7 +50,7 @@ async def auto_login(
 ):
 if settings_service.auth_settings.AUTO_LOGIN:
 tokens = create_user_longterm_token(db)
- response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=None, secure=True)
+ response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite="none", secure=True)
 return tokens
 raise HTTPException(
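Review bot: The new `samesite="none"` on both cookies in `login_to_get_access_token` explicitly asks browsers to attach the refresh and access tokens to cross-site requests, which widens CSRF exposure for every route that authenticates from these cookies; the same value is set in the `auto_login` and `refresh_token` hunks. With the previous `samesite=None` the attribute was, as far as I know, simply omitted by Starlette, so current browsers fell back to Lax. Unless the UI is really served from a different site than the API (not visible here), prefer `samesite="lax"`, or read the value from the auth settings so that only cross-site deployments opt in. If "none" has to stay, record the reason next to the call, e.g. `# SameSite=None: frontend is cross-site; cookie-authenticated routes need their own CSRF check`. The function body starts and ends outside the hunk.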
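Review bot: In `auto_login` the token from `create_user_longterm_token` goes into `access_token_lf` with `httponly=False`, so any script running on the page can read it, and judging by the helper's name it is long-lived. The same dict is already returned in the response body, so the cookie may not need to be script-readable; if the frontend does not read it through `document.cookie`, use `httponly=True`. Otherwise add a comment stating why script access is required, e.g. `# readable by the frontend, which copies it into the Authorization header`, once that has been confirmed. The body of `auto_login` continues past the hunk.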
@@ -67,8 +67,8 @@ async def refresh_token(request: Request, response: Response):
 token = request.cookies.get("refresh_token_lf")
 if token:
 tokens = create_refresh_token(token)
- response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite=None, secure=True)
- response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=None, secure=True)
+ response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, samesite="none", secure=True)
+ response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite="none", secure=True)
 return tokens
 else:
 raise HTTPException(
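Review bot: The cookie attributes are now spelled out five times across this file (twice here in `refresh_token`, and in the two earlier hunks), so a later change to `samesite`, `secure` or `httponly` has to be repeated at each call and can easily miss one. A small helper that takes the response and the token dict would keep the flags in one place and give them a single documented default. The sketch below sets the refresh cookie only when the dict carries one, since `auto_login` sets just the access cookie. `refresh_token` ends outside the hunk.

```python
def _set_auth_cookies(response: Response, tokens: dict, *, samesite: str = "none") -> None:
    """Attach the token cookies with one shared set of attributes."""
    refresh = tokens.get("refresh_token")
    if refresh is not None:
        response.set_cookie("refresh_token_lf", refresh, httponly=True, samesite=samesite, secure=True)
    response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, samesite=samesite, secure=True)

# in refresh_token, replacing the two set_cookie calls:
        tokens = create_refresh_token(token)
        _set_auth_cookies(response, tokens)
        # … unchanged: return tokens / else branch …
```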