make token logins (and cookies in general) work locally/dev

2 files changed, 8 insertions, 6 deletions

diff --git a/python/env.example b/python/env.example
index c986b9d2..9896dc86 100644
--- a/python/env.example
+++ b/python/env.example
@@ -1,4 +1,5 @@
-FLASK_SECRET_KEY=""
+FLASK_SECRET_KEY="TODO-REPLACE-ME"
+FATCAT_DOMAIN="dev.fatcat.wiki"
 # This key used in tests
 FATCAT_API_AUTH_TOKEN="AgEPZGV2LmZhdGNhdC53aWtpAhYyMDE5MDEwMS1kZXYtZHVtbXkta2V5AAImZWRpdG9yX2lkID0gYWFhYWFhYWFhYWFhYmt2a2FhYWFhYWFhYWkAAht0aW1lID4gMjAxOS0wMS0wOVQwMDo1Nzo1MloAAAYgnroNha1hSftChtxHGTnLEmM/pY8MeQS/jBSV0UNvXug="
 FATCAT_API_HOST="http://localhost:9411/v0"
diff --git a/python/fatcat_web/web_config.py b/python/fatcat_web/web_config.py
index cbe519b0..9ce32ed7 100644
--- a/python/fatcat_web/web_config.py
+++ b/python/fatcat_web/web_config.py
@@ -19,7 +19,7 @@ class Config(object):
     GIT_REVISION = subprocess.check_output(["git", "describe", "--always"]).strip().decode('utf-8')
 
     # This is, effectively, the QA/PROD flag
-    FATCAT_DOMAIN = os.environ.get("FATCAT_DOMAIN", default="qa.fatcat.wiki")
+    FATCAT_DOMAIN = os.environ.get("FATCAT_DOMAIN", default="dev.fatcat.wiki")
     FATCAT_API_AUTH_TOKEN = os.environ.get("FATCAT_API_AUTH_TOKEN", default=None)
     FATCAT_API_HOST = os.environ.get("FATCAT_API_HOST", default="https://{}/v0".format(FATCAT_DOMAIN))
 
@@ -39,10 +39,11 @@ class Config(object):
     IA_XAUTH_CLIENT_SECRET = os.environ.get("IA_XAUTH_CLIENT_SECRET", default=None)
 
     # protect cookies (which include API tokens)
-    SESSION_COOKIE_HTTPONLY = True
-    SESSION_COOKIE_SECURE = True
-    SESSION_COOKIE_SAMESITE = 'Lax'
-    PERMANENT_SESSION_LIFETIME = 2678400 # 31 days, in seconds
+    if FATCAT_DOMAIN != "dev.fatcat.wiki":
+        SESSION_COOKIE_HTTPONLY = True
+        SESSION_COOKIE_SECURE = True
+        SESSION_COOKIE_SAMESITE = 'Lax'
+        PERMANENT_SESSION_LIFETIME = 2678400 # 31 days, in seconds
 
     try:
         GIT_RELEASE = raven.fetch_git_sha('..')