From a5f91da7d4e99f773d7a75064e6deffa1b992772 Mon Sep 17 00:00:00 2001
From: Gabriel Luiz Freitas Almeida <gabriel@logspace.ai>
Date: Fri, 26 Jan 2024 15:17:30 -0300
Subject: [PATCH] Update cookie settings in login.py

---
 src/backend/langflow/api/v1/login.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/backend/langflow/api/v1/login.py b/src/backend/langflow/api/v1/login.py
index d0fa0e446..29db59855 100644
--- a/src/backend/langflow/api/v1/login.py
+++ b/src/backend/langflow/api/v1/login.py
@@ -33,8 +33,8 @@ async def login_to_get_access_token(
 
     if user:
         tokens = create_user_tokens(user_id=user.id, db=db, update_last_login=True)
-        response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, secure=True)
-        response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, secure=True)
+        response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True)
+        response.set_cookie("access_token_lf", tokens["access_token"], httponly=False)
         return tokens
     else:
         raise HTTPException(
@@ -50,7 +50,7 @@ async def auto_login(
 ):
     if settings_service.auth_settings.AUTO_LOGIN:
         tokens = create_user_longterm_token(db)
-        response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, secure=True, samesite="strict")
+        response.set_cookie("access_token_lf", tokens["access_token"], httponly=False)
         return tokens
 
     raise HTTPException(
@@ -67,8 +67,8 @@ async def refresh_token(request: Request, response: Response):
     token = request.cookies.get("refresh_token_lf")
     if token:
         tokens = create_refresh_token(token)
-        response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True, secure=True, samesite="strict")
-        response.set_cookie("access_token_lf", tokens["access_token"], httponly=False, secure=True, samesite="strict")
+        response.set_cookie("refresh_token_lf", tokens["refresh_token"], httponly=True)
+        response.set_cookie("access_token_lf", tokens["access_token"], httponly=False)
         return tokens
     else:
         raise HTTPException(