From 493622ab7e49d0ffcca0d50935a35dba80b30e39 Mon Sep 17 00:00:00 2001
From: sm4640
Date: Sat, 12 Apr 2025 15:53:08 +0900
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fix:=20[#30]=20=EC=BF=A0?= =?UTF-8?q?=ED=82=A4=20secure=3Dnot=20settings.debug=EB=A1=9C=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 users/views.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/users/views.py b/users/views.py
index 0d5d232..b70013f 100644
--- a/users/views.py
+++ b/users/views.py
@@ -1,3 +1,5 @@
+from django.conf import settings
+
 from django.shortcuts import get_object_or_404
 from rest_framework.views import APIView
@@ -28,7 +30,7 @@ class RefreshAPIView(APIView):
 serializer = TokenRefreshSerializer(data={'refresh': refresh})
 if serializer.is_valid():
 res = Response({"access": serializer.validated_data['access']}, status=status.HTTP_200_OK)
- res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=True)
+ res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
 return res
 except TokenError as e:
 return Response({"message": f"Invalid token: {e}"}, status=status.HTTP_401_UNAUTHORIZED)
@@ -75,7 +77,7 @@ class LoginAPIView(APIView):
 },
 status=status.HTTP_200_OK,
 )
- res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=True)
+ res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
 return res
 else:
 return Response(serializer.errors)
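Review bot: Tying the refresh-token cookie's `Secure` flag to `settings.DEBUG` in the `RefreshAPIView` hunk (and identically in the `LoginAPIView` hunk) makes the cookie's transport protection depend on an unrelated switch. Any deployment where DEBUG is left on would issue the refresh token without `Secure`, allowing the browser to send it over plain HTTP. A dedicated setting that defaults to the safe value keeps the local-development convenience without that coupling, for example `secure=getattr(settings, "REFRESH_COOKIE_SECURE", True)`, where `REFRESH_COOKIE_SECURE` is a placeholder name for a project-defined setting that only the local settings file sets to False. Since both views pass the same cookie options, moving the `set_cookie` call into one shared helper would keep the flags from drifting apart. Both method bodies start outside their hunks, so how `refresh` is read from the request is not visible here.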