♻️ Minor refactor of auth data-flow.

This fixes many issues related to using penpot on-premise instances on different domain than localhost. This changes ensures correct data flow of authenticated and not authenticated sessions.
2025-05-10 11:36:38 +02:00 · 2021-11-26 09:08:23 +01:00 · 2021-11-26 09:08:23 +01:00 · 2596ad27c3
commit 2596ad27c3
parent ece914303a
10 changed files with 95 additions and 56 deletions
--- a/backend/src/app/http/session.clj
+++ b/backend/src/app/http/session.clj
@ -58,7 +58,9 @@
    (assoc response :cookies {cookie-name {:path "/"
                                           :http-only true
                                           :value id
-                                           :same-site (if cors? :none :strict)
+                                           :same-site (cond (not secure?) :lax
+                                                            cors?         :none
+                                                            :else         :strict)
                                           :secure secure?}})))

 (defn- clear-cookies
--- a/backend/src/app/rpc/mutations/profile.clj
+++ b/backend/src/app/rpc/mutations/profile.clj
@ -335,9 +335,9 @@
 ;; --- MUTATION: Logout

 (s/def ::logout
-  (s/keys :req-un [::profile-id]))
+  (s/keys :opt-un [::profile-id]))

-(sv/defmethod ::logout
+(sv/defmethod ::logout {:auth false}
  [{:keys [session] :as cfg} _]
  (with-meta {}
    {:transform-response (:delete session)}))