From 633adad5e9ddd51e96df29f362fd95df7a913bfa Mon Sep 17 00:00:00 2001
From: KShivendu
Date: Tue, 19 Sep 2023 09:19:41 +0530
Subject: [PATCH] Return amazonaws.com for aws services public urls and add tests

---
 supertokens_python/utils.py | 4 ++--
 tests/test_config.py | 40 +++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/supertokens_python/utils.py b/supertokens_python/utils.py
index d31ddcc3e..9163925f7 100644
--- a/supertokens_python/utils.py
+++ b/supertokens_python/utils.py
@@ -304,10 +304,10 @@ def get_top_level_domain_for_same_site_resolution(url: str) -> str:
 if parsed_url.domain == "": # type: ignore
 if hostname.endswith(".amazonaws.com"):
 # Example: url http://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com
- # return ec2-xx-yyy-zzz-0.compute-1.amazonaws.com
+ # return amazonaws.com
 # If user deploys the website on the same ec2 instance as the API
 # this use SameSite=lax, otherwise SameSite=none
- return hostname
+ return "amazonaws.com"
 
 raise Exception(
 "Please make sure that the apiDomain and websiteDomain have correct values"
diff --git a/tests/test_config.py b/tests/test_config.py
index 521827f99..8d69184ed 100644
--- a/tests/test_config.py
+++ b/tests/test_config.py
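Review bot: The two context comment lines kept above the new return, `# If user deploys the website on the same ec2 instance as the API` / `# this use SameSite=lax, otherwise SameSite=none`, no longer describe the code: the old `return hostname` made the result differ per EC2 host, whereas the new `return "amazonaws.com"` makes every host under amazonaws.com (different EC2 instances, S3 website endpoints, other tenants) resolve to the same site and therefore get SameSite=lax. Browsers compute "same site" from the Public Suffix List, where amazonaws.com and, as far as I know, its compute/S3 subdomains are registered as public suffixes, so a session cookie set with SameSite=lax would not be attached to requests between two distinct EC2 hosts; that is the stricter (fail-closed) direction for CSRF, but it shows up as a silently dropped session rather than an error, and cookie_domain stays unset so nothing becomes shareable across hosts. I would reword the comment to `# Every host under amazonaws.com is treated as one site here (SameSite=lax); browsers may still treat distinct EC2/S3 hosts as cross-site` so the next reader does not infer the "same instance" condition from it. get_top_level_domain_for_same_site_resolution starts before this hunk and the `raise Exception(` on the rejection path continues past it.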
@@ -736,3 +736,43 @@ async def test_samesite_invalid_config():
 )
 else:
 assert False, "Exception not raised"
+
+
+@mark.asyncio
+async def test_cookie_samesite_with_ec2_public_url():
+ start_st()
+ init(
+ supertokens_config=SupertokensConfig("http://localhost:3567"),
+ app_info=InputAppInfo(
+ app_name="SuperTokens Demo",
+ api_domain="https://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3001",
+ website_domain="https://blog.supertokens.com",
+ api_base_path="/",
+ ),
+ framework="fastapi",
+ recipe_list=[session.init(get_token_transfer_method=lambda _, __, ___: "cookie")]
+ )
+
+ # domain name isn't provided so browser decides to use the same host
+ # which will be ec2-xx-yyy-zzz-0.compute-1.amazonaws.com
+ assert SessionRecipe.get_instance().config.cookie_domain is None
+ assert SessionRecipe.get_instance().config.cookie_same_site == "none"
+ assert SessionRecipe.get_instance().config.cookie_secure is True
+
+ reset()
+
+ init(
+ supertokens_config=SupertokensConfig("http://localhost:3567"),
+ app_info=InputAppInfo(
+ app_name="SuperTokens Demo",
+ api_domain="http://ec2-xx-yyy-zzz-0.compute-1.amazonaws.com:3001",
+ website_domain="http://ec2-aa-bbb-ccc-0.compute-1.amazonaws.com:3000",
+ api_base_path="/",
+ ),
+ framework="fastapi",
+ recipe_list=[session.init(get_token_transfer_method=lambda _, __, ___: "cookie")],
+ )
+
+ assert SessionRecipe.get_instance().config.cookie_domain is None
+ assert SessionRecipe.get_instance().config.cookie_same_site == "lax"
+ assert SessionRecipe.get_instance().config.cookie_secure is False
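Review bot: The second scenario asserts `cookie_same_site == "lax"` for two different EC2 hostnames over plain http without a comment, while the first scenario explains its expectation; a reader cannot tell whether lax across distinct hosts is the intended contract or merely the only option left once http rules out a Secure cookie (presumably what the `cookie_secure is False` assert reflects — worth confirming against the config code, which is outside this hunk). A comment before those three asserts, such as `# both hosts are under amazonaws.com, which the resolver treats as one site, so lax is expected even though they are different EC2 instances`, would pin the intent and make the test's dependence on the amazonaws.com special case explicit. As a point of style, the first `init(` call's `recipe_list=[...]` line lacks the trailing comma that the second call has; adding it keeps the two calls formatted alike.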