test some cookie stuff

evolutiontransformer/api.py

@@ -22,7 +22,7 @@ app = FastAPI()
 
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=["http://localhost:5173"],  # todo add website url
+    allow_origins=["*"],  # Allow all origins for now to debug
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],
@@ -47,10 +47,20 @@ class MergeRequest(BaseModel):
 
 def get_session_id(request: Request, response: Response):
     session_id = request.cookies.get("session_id")
+    print(f"Received cookies: {request.cookies}")
+    print(f"Current session_id: {session_id}")
 
     if not session_id:
         session_id = str(uuid.uuid4())
-        response.set_cookie(key="session_id", value=session_id)
+        print(f"Generated new session_id: {session_id}")
+        # Set cookie with appropriate settings
+        response.set_cookie(
+            key="session_id",
+            value=session_id,
+            httponly=True,  # Prevent XSS attacks
+            secure=True,  # Only send over HTTPS in production
+            samesite="lax",  # Allow same-site requests
+        )
 
     return session_id
 

pyproject.toml

@@ -15,6 +15,7 @@ dependencies = [
     "matplotlib>=3.10.6",
     "numpy>=2.3.3",
     "pytest>=8.4.2",
+    "python-multipart>=0.0.20",
     "redis>=6.4.0",
     "torch>=2.8.0",
     "transformers>=4.56.1",

uv.lock

@@ -526,6 +526,7 @@ dependencies = [
     { name = "matplotlib" },
     { name = "numpy" },
     { name = "pytest" },
+    { name = "python-multipart" },
     { name = "redis" },
     { name = "torch" },
     { name = "transformers" },
@@ -544,6 +545,7 @@ requires-dist = [
     { name = "matplotlib", specifier = ">=3.10.6" },
     { name = "numpy", specifier = ">=2.3.3" },
     { name = "pytest", specifier = ">=8.4.2" },
+    { name = "python-multipart", specifier = ">=0.0.20" },
     { name = "redis", specifier = ">=6.4.0" },
     { name = "torch", specifier = ">=2.8.0" },
     { name = "transformers", specifier = ">=4.56.1" },