From fe8061f4494decabef75eb4076c362dc2c93ed73 Mon Sep 17 00:00:00 2001
From: ms
Date: Thu, 25 Nov 2021 21:42:27 +0100
Subject: fix cookie path for a proxied blog
---
talermerchantdemos/blog/blog.py | 28 ++++++++++++++++++++++++----
1 file changed, 24 insertions(+), 4 deletions(-)
(limited to 'talermerchantdemos/blog/blog.py')
diff --git a/talermerchantdemos/blog/blog.py b/talermerchantdemos/blog/blog.py
index 5fce6c8..d8bf6d6 100644
--- a/talermerchantdemos/blog/blog.py
+++ b/talermerchantdemos/blog/blog.py
@@ -392,18 +392,38 @@ def article(article_name, lang=None, data=None):
 if ai is not None and au is not None:
 response = flask.redirect(au)
 response.set_cookie(
- "order_id", ai, path=urllib.parse.quote(f"/essay/{article_name}")
+ "order_id",
+ ai,
+ path=urllib.parse.quote(
+ flask.request.environ["SCRIPT_NAME"] + f"/essay/{article_name}"
+ )
 )
 response.set_cookie(
- "order_id", ai, path=urllib.parse.quote(f"/{lang}/essay/{article_name}")
+ "order_id",
+ ai,
+ path=urllib.parse.quote(
+ flask.request.environ["SCRIPT_NAME"] + f"/{lang}/essay/{article_name}"
+ )
 )
 return response
 # Redirect the browser to a page where the wallet can
 # run the payment protocol.
 response = flask.redirect(pay_status["order_status_url"])
- response.set_cookie("order_id", order_id, path=f"/essay/{article_name}")
- response.set_cookie("order_id", order_id, path=f"/{lang}/essay/{article_name}")
+ response.set_cookie(
+ "order_id",
+ order_id,
+ path=urllib.parse.quote(
+ flask.request.environ["SCRIPT_NAME"] + f"/essay/{article_name}"
+ )
+ )
+ response.set_cookie(
+ "order_id",
+ order_id,
+ path=urllib.parse.quote(
+ flask.request.environ["SCRIPT_NAME"] + f"/{lang}/essay/{article_name}"
+ )
+ )
 return response
-- cgit v1.2.3
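Review bot: All four `set_cookie` calls index `flask.request.environ["SCRIPT_NAME"]` directly, which raises `KeyError` on a WSGI server that omits the key when the prefix is empty (PEP 3333 permits that) and produces a `//essay/...` path when the mount prefix is configured with a trailing slash, so the cookie would no longer match the article URL. Reading the prefix once with `prefix = flask.request.script_root` and passing `path=urllib.parse.quote(f"{prefix}/essay/{article_name}")` handles both cases and removes the fourfold repetition. Since the scope of `order_id` now follows the mount prefix, it is worth confirming that SCRIPT_NAME comes from the deployment (server configuration or a trusted-proxy middleware) and not from a header a client can set. The cookies are also still issued without `httponly=True` or `samesite="Lax"`; whether anything other than the server reads `order_id` is not visible here, so treat that as a hardening suggestion to verify. The body of `article` begins and ends outside this hunk.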