diff --git a/admin/src/components/MFAuth/index.tsx b/admin/src/components/MFAuth/index.tsx
index b236a6c4..704ab183 100644
--- a/admin/src/components/MFAuth/index.tsx
+++ b/admin/src/components/MFAuth/index.tsx
@@ -173,7 +173,7 @@ class MFAuth extends React.Component {
  1. Save two-factor recovery codes
  2. - Setup up TOTP authentication device, typically a smartphone with Google + Setup TOTP authentication device, typically a smartphone with Google Authenticator, Authy, 1Password or other compatible authenticator app.
diff --git a/backend/.env.example b/backend/.env.example
index 0c54b4ec..2ab25783 100644
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -7,6 +7,9 @@ REDISTOGO_URL="redis://localhost:6379"
 SECRET_KEY="not-so-secret"
 SENDGRID_API_KEY="optional, but emails won't send without it"
+# set this so third-party cookie blocking doesn't kill backend sessions (production)
+# SESSION_COOKIE_DOMAIN="zfnd.org"
+
 # SENTRY_DSN="https://PUBLICKEY@sentry.io/PROJECTID"
 # SENTRY_RELEASE="optional, provides sentry logging with release info"
diff --git a/backend/grant/settings.py b/backend/grant/settings.py
index 1dcf6701..cabb52eb 100644
--- a/backend/grant/settings.py
+++ b/backend/grant/settings.py
@@ -16,7 +16,7 @@ ENV = env.str("FLASK_ENV", default="production")
 DEBUG = ENV == "development"
 SITE_URL = env.str('SITE_URL', default='https://zfnd.org')
 SQLALCHEMY_DATABASE_URI = env.str("DATABASE_URL")
-SQLALCHEMY_ECHO = False # True will print queries to log
+SQLALCHEMY_ECHO = False  # True will print queries to log
 QUEUES = ["default"]
 SECRET_KEY = env.str("SECRET_KEY")
 BCRYPT_LOG_ROUNDS = env.int("BCRYPT_LOG_ROUNDS", default=13)
@@ -25,6 +25,9 @@ DEBUG_TB_INTERCEPT_REDIRECTS = False
 CACHE_TYPE = "simple" # Can be "memcached", "redis", etc.
 SQLALCHEMY_TRACK_MODIFICATIONS = False
+# so backend session cookies are first-party
+SESSION_COOKIE_DOMAIN = env.str('SESSION_COOKIE_DOMAIN', default=None)
+
 SENDGRID_API_KEY = env.str("SENDGRID_API_KEY", default="")
 SENDGRID_DEFAULT_FROM = "noreply@zfnd.org"
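Review bot: `SESSION_COOKIE_DOMAIN = env.str('SESSION_COOKIE_DOMAIN', default=None)` in the second settings.py hunk widens the session cookie's scope: an explicit Domain attribute (the example value in .env.example is the apex `zfnd.org`) makes browsers send the cookie to every subdomain, so the session's confidentiality now rests on every host under that domain being as trustworthy as the backend itself. Confirm that before setting it in production and record the assumption next to the setting, e.g. `# NOTE: an explicit domain shares the session cookie with all subdomains; only set it if every subdomain is trusted`. The hunk adds the domain but leaves the remaining cookie attributes at Flask defaults; since the change exists to survive cross-site cookie policies, `SESSION_COOKIE_SECURE = not DEBUG` and `SESSION_COOKIE_SAMESITE = 'Lax'` belong alongside it (DEBUG is defined in the first hunk of this file, and Lax still covers requests between subdomains of the same site).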