Georges-Antoine Assi be476cb7dc Only set CSRF cookie on http.response.start ...

ASGI spec only allows headers on the http.response.start message;
appending Set-Cookie to body messages is out-of-spec and may break on
some servers. Early-return for non-start messages.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-24 15:46:50 -04:00

..

middleware

Only set CSRF cookie on http.response.start

2026-05-24 15:46:50 -04:00

__init__.py

add tests for oidc handler

2024-12-12 17:37:30 -05:00

base_handler.py

start pre-4.8 cleanup

2026-03-12 23:02:12 -04:00

constants.py

Add device-based save synchronization

2026-01-18 16:50:44 +09:00

hybrid_auth.py

refactor: address PR #3114 review feedback

2026-03-11 10:56:35 +09:00