From aadbd8c72daec9d05e38e075a9cc0e8980350477 Mon Sep 17 00:00:00 2001
From: Daven Quinn
Date: Fri, 18 Oct 2024 21:50:58 -0500
Subject: [PATCH] Updated security information
---
 api/routes/security.py | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)
diff --git a/api/routes/security.py b/api/routes/security.py
index a0193d1..561bfcc 100644
--- a/api/routes/security.py
+++ b/api/routes/security.py
@@ -305,25 +305,19 @@ async def redirect_callback(code: str, state: Optional[str] = None):
 response.set_cookie(
 access_token_key,
 f"Bearer {access_token}",
- domain=domain,
 httponly=True,
 samesite="lax",
 )
 # Set the same cookie for localhost if we're doing a redirect to another domain (this is likely a dev mode request)
 # We may want to restrict this to development environments in the future...
- # if redirect_domain not in [domain, ""]:
- response.set_cookie(
- access_token_key,
- f"Bearer {access_token}",
- domain="localhost",
- httponly=True,
- samesite="lax",
- )
- response.set_cookie(
- access_token_key,
- f"Bearer {access_token}",
- httponly=True,
- )
+ if redirect_domain not in [domain, ""]:
+ response.set_cookie(
+ access_token_key,
+ f"Bearer {access_token}",
+ domain="localhost",
+ httponly=True,
+ samesite="lax",
+ )
 return response
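Review bot: The access-token cookie set by the first `response.set_cookie(...)` call still lacks the Secure attribute, so the browser will also attach the bearer token to plain-HTTP requests to this host. Adding `secure=True,` next to `httponly=True,` would close that; if local development runs over plain HTTP, the value may need to follow an environment setting. The re-enabled `if redirect_domain not in [domain, ""]:` branch issues a `domain="localhost"` copy of the token in every environment whenever the redirect targets another domain, and, as the existing comment already suggests, gating it on a development-only setting would keep it out of production responses. The start of `redirect_callback` is outside this hunk, so how `redirect_domain` is derived from `state` and whether it is validated should be confirmed there.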