diff --git a/users/views.py b/users/views.py index f8e557e..b0a18e9 100644 --- a/users/views.py +++ b/users/views.py @@ -42,7 +42,7 @@ class RefreshAPIView(APIView): serializer = TokenRefreshSerializer(data={'refresh': refresh}) if serializer.is_valid(): res = Response({"access": serializer.validated_data['access']}, status=status.HTTP_200_OK) - res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=not settings.DEBUG) + res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=True) return res except TokenError as e: return Response({"message": f"Invalid token: {e}"}, status=status.HTTP_401_UNAUTHORIZED) @@ -93,7 +93,7 @@ class GoogleLoginAPIView(APIView): }, status=status.HTTP_200_OK, ) - res.set_cookie("refresh", str(refresh), httponly=True, samesite=None, secure=not settings.DEBUG) + res.set_cookie("refresh", str(refresh), httponly=True, samesite=None, secure=True) return res else: return Response( @@ -154,7 +154,7 @@ class LoginAPIView(APIView): }, status=status.HTTP_200_OK, ) - res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=not settings.DEBUG) + res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=True) return res else: return Response(serializer.errors) @@ -206,7 +206,7 @@ class SetPortofolioRequiredInfoAPIView(APIView): def patch(self, request): user = request.user serializer = SetPortofolioRequiredInfoSerializer(user, data=request.data) - if serializer.is_valid(): + if serializer.is_valid(raise_exception=True): serializer.save() user.is_custom_url = True user.save()