thadillo committed on
Commit · f8b1f63
1 Parent(s): c6befa6
Fix: Session cookies for iframe embedding (Chrome, Edge, etc.)
Critical fix for HF Spaces iframe embedding:
- Set SESSION_COOKIE_SAMESITE='None' to allow cookies in iframes
- Set SESSION_COOKIE_SECURE=True for HTTPS (required with SameSite=None)
- Set PERMANENT_SESSION_LIFETIME to 24 hours
- Add SESSION_COOKIE_HTTPONLY for security
Fixes login issues where users enter token but page just reloads.
Chrome, Edge, and other browsers block third-party cookies by default
in iframes unless SameSite=None is set.
- app/__init__.py +6 -0
app/__init__.py
CHANGED
|
@@ -11,6 +11,12 @@ def create_app():
|
|
| 11 |
app = Flask(__name__)
|
| 12 |
app.config['SECRET_KEY'] = os.getenv('FLASK_SECRET_KEY', 'dev-secret-key-change-in-production')
|
| 13 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14 |
# Use custom database path if set (for HF Spaces), otherwise use instance folder
|
| 15 |
db_path = os.getenv('DATABASE_PATH')
|
| 16 |
if db_path:
|
|
|
|
| 11 |
app = Flask(__name__)
|
| 12 |
app.config['SECRET_KEY'] = os.getenv('FLASK_SECRET_KEY', 'dev-secret-key-change-in-production')
|
| 13 |
|
| 14 |
+
# Session configuration for iframe embedding (HF Spaces)
|
| 15 |
+
app.config['SESSION_COOKIE_SECURE'] = True # Required for HTTPS
|
| 16 |
+
app.config['SESSION_COOKIE_HTTPONLY'] = True # Security
|
| 17 |
+
app.config['SESSION_COOKIE_SAMESITE'] = 'None' # Allow in iframes
|
| 18 |
+
app.config['PERMANENT_SESSION_LIFETIME'] = 86400 # 24 hours
|
| 19 |
+
|
| 20 |
# Use custom database path if set (for HF Spaces), otherwise use instance folder
|
| 21 |
db_path = os.getenv('DATABASE_PATH')
|
| 22 |
if db_path:
|
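Review bot: setting SESSION_COOKIE_SAMESITE to 'None' (new line 17) makes the browser attach the session cookie to every cross-site request, not only to requests from the HF Spaces iframe, so the SameSite mitigation against CSRF is removed and nothing in this hunk replaces it. State-changing routes should require a CSRF token, and the origins allowed to frame the app should be restricted with a Content-Security-Policy frame-ancestors header; neither is visible here. Gating these four settings on an environment flag would let non-embedded deployments keep 'Lax'. Smaller points: PERMANENT_SESSION_LIFETIME (new line 18) only applies to sessions marked with session.permanent = True, which this hunk does not set, so the 24 hour lifetime may have no effect as written, and timedelta(hours=24) would read more clearly than 86400. SESSION_COOKIE_HTTPONLY already defaults to True in Flask, so new line 16 documents intent rather than changing behaviour. The unchanged SECRET_KEY fallback on line 12 ('dev-secret-key-change-in-production') matters more now that the session cookie travels cross-site: fail at startup when FLASK_SECRET_KEY is unset rather than signing sessions with a string that is public in the repository.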