Display some helpful warnings

Otherwise it is too easy for the authentication to fail without it being clear why.
pgjones · Dec 2, 2023 · c54e0d8 · c54e0d8
1 parent 619c456
commit c54e0d8
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/quart_auth/extension.py b/src/quart_auth/extension.py
@@ -225,6 +225,12 @@ async def after_request(self, response: Response) -> Response:
             if user.action == Action.WRITE_PERMANENT:
                 max_age = self.duration
 
+            if self.cookie_secure and not request.is_secure:
+                warnings.warn("Secure cookies will be ignored on insecure requests")
+
+            if self.cookie_samesite == "Strict" and 300 <= response.status_code < 400:
+                warnings.warn("Strict samesite cookies will be ignored on redirects")
+
             token = self.dump_token(user.auth_id)
             response.set_cookie(
                 self.cookie_name,