mirror of
https://github.com/All-Hands-AI/OpenHands.git
synced 2026-04-29 03:00:45 -04:00
from typing import Literal
from fastapi import Request
from server.constants import IS_FEATURE_ENV, IS_LOCAL_ENV, IS_STAGING_ENV
from starlette.datastructures import URL
from openhands.app_server.config import get_global_config
def get_web_url(request: Request):
    """Return the base URL of the web app, with no trailing slash.

    The configured ``web_url`` from the global config is preferred. When it
    is unset or empty, the origin is rebuilt from the incoming request.

    Args:
        request: The current FastAPI request; only ``request.url`` is read.

    Returns:
        The configured URL stripped of trailing ``/``, or
        ``<scheme>://<netloc>`` derived from the request.
    """
    configured = get_global_config().web_url
    if configured:
        return configured.rstrip('/')

    # NOTE(review): this fallback is built from the request itself. Starlette
    # derives request.url from the Host header when one is present, so the
    # result is client-influenced. Confirm that deployments either set
    # web_url or validate Host upstream (proxy / trusted-host middleware)
    # before the value is used in redirects, cookies or emailed links.
    request_url = request.url
    # Only the literal hostname 'localhost' is served over plain http; every
    # other host (including loopback IP literals) is assumed to be https.
    if request_url.hostname == 'localhost':
        scheme = 'http'
    else:
        scheme = 'https'
    return f'{scheme}://{request_url.netloc}'
def get_cookie_domain() -> str | None:
    """Return the cookie domain to use, or ``None`` outside production.

    Returns:
        The hostname parsed from the configured ``web_url`` when one is set
        and none of the feature / staging / local environment flags is on;
        otherwise ``None``.
    """
    web_url = get_global_config().web_url

    # For now the full hostname is used, except on staging-style stacks
    # (feature, staging and local environments), which get no explicit domain.
    if not web_url or IS_FEATURE_ENV or IS_STAGING_ENV or IS_LOCAL_ENV:
        return None

    # NOTE(review): if the caller passes this value as the cookie's Domain
    # attribute, browsers also send the cookie to subdomains of that host,
    # whereas None presumably yields a host-only cookie. Confirm that every
    # subdomain of the production host is equally trusted.
    return URL(web_url).hostname
def get_cookie_samesite() -> Literal['lax', 'strict']:
    """Choose the SameSite policy for cookies based on the environment.

    Returns:
        ``'strict'`` when ``web_url`` is configured and none of the feature /
        staging / local environment flags is set; ``'lax'`` otherwise.
    """
    # Production uses 'strict' for the strongest CSRF protection SameSite
    # offers; local development and staging environments use 'lax'.
    # Invitation links sent by email keep working under 'strict' because the
    # frontend accepts them through an authenticated, same-origin POST.
    #
    # NOTE(review): an unset or empty web_url also selects 'lax', even when no
    # environment flag is set, so a production deployment that omits web_url
    # silently gets the weaker policy. SameSite is defence in depth and does
    # not replace CSRF checks on state-changing endpoints.
    web_url = get_global_config().web_url
    if not web_url or IS_FEATURE_ENV or IS_STAGING_ENV or IS_LOCAL_ENV:
        return 'lax'
    return 'strict'