feat: Enhance session cookie domain handling for IP addresses and single-label hostnames

backend/server/main/settings.py

@@ -135,17 +135,14 @@ SESSION_COOKIE_SAMESITE = 'Lax'
 
 SESSION_COOKIE_SECURE = FRONTEND_URL.startswith('https')
 
-# Parse the FRONTEND_URL
-# Remove and ' from the URL
-
-parsed_url = urlparse(FRONTEND_URL)
-hostname = parsed_url.hostname
-
-# Check if the hostname is an IP address
+hostname = urlparse(FRONTEND_URL).hostname
 is_ip_address = hostname.replace('.', '').isdigit()
 
-if is_ip_address:
-    # Do not set a domain for IP addresses
+# Check if the hostname is single-label (no dots)
+is_single_label = '.' not in hostname
+
+if is_ip_address or is_single_label:
+    # Do not set a domain for IP addresses or single-label hostnames
     SESSION_COOKIE_DOMAIN = None
 else:
     # Use publicsuffix2 to calculate the correct cookie domain
@@ -156,6 +153,7 @@ else:
         # Fallback to the hostname if parsing fails
         SESSION_COOKIE_DOMAIN = hostname
 
+
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/1.7/howto/static-files/
 

docker-compose.yml

@@ -1,7 +1,7 @@
 services:
   web:
-    build: ./frontend/
-    #image: ghcr.io/seanmorley15/adventurelog-frontend:latest
+    #build: ./frontend/
+    image: ghcr.io/seanmorley15/adventurelog-frontend:latest
     container_name: adventurelog-frontend
     restart: unless-stopped
     environment:
@@ -25,8 +25,8 @@ services:
       - postgres_data:/var/lib/postgresql/data/
 
   server:
-    build: ./backend/
-    #image: ghcr.io/seanmorley15/adventurelog-backend:latest
+    #build: ./backend/
+    image: ghcr.io/seanmorley15/adventurelog-backend:latest
     container_name: adventurelog-backend
     restart: unless-stopped
     environment:
@@ -38,7 +38,7 @@ services:
       - DJANGO_ADMIN_USERNAME=admin
       - DJANGO_ADMIN_PASSWORD=admin
       - DJANGO_ADMIN_EMAIL=admin@example.com
-      - PUBLIC_URL='http://localhost:8016' # Match the outward port, used for the creation of image urls
+      - PUBLIC_URL=http://localhost:8016 # Match the outward port, used for the creation of image urls
       - CSRF_TRUSTED_ORIGINS=http://localhost:8016,http://localhost:8015 # Comma separated list of trusted origins for CSRF
       - DEBUG=False
       - FRONTEND_URL=http://localhost:8015 # Used for email generation. This should be the url of the frontend

frontend/src/routes/+page.server.ts

@@ -58,8 +58,10 @@ export const actions: Actions = {
 
 		// Check if hostname is an IP address
 		const isIPAddress = /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
+		const isLocalhost = hostname === 'localhost';
+		const isSingleLabel = hostname.split('.').length === 1;
 
-		if (!isIPAddress) {
+		if (!isIPAddress && !isSingleLabel && !isLocalhost) {
 			const parsed = psl.parse(hostname);
 
 			if (parsed && parsed.domain) {

frontend/src/routes/login/+page.server.ts

@@ -120,8 +120,10 @@ function handleSuccessfulLogin(event: RequestEvent<RouteParams, '/login'>, respo
 
 			// Check if hostname is an IP address
 			const isIPAddress = /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
+			const isLocalhost = hostname === 'localhost';
+			const isSingleLabel = hostname.split('.').length === 1;
 
-			if (!isIPAddress) {
+			if (!isIPAddress && !isSingleLabel && !isLocalhost) {
 				const parsed = psl.parse(hostname);
 
 				if (parsed && parsed.domain) {