From a070dda9ac6d6587fd5915c7cfa2b98cf996a1cc Mon Sep 17 00:00:00 2001
From: "LUOJIE\\coolp" <php_echo@163.com>
Date: Mon, 2 Feb 2026 16:45:10 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9cookie=E7=9A=84httponly?=
 =?UTF-8?q?=E4=B8=BAfalse?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 dify_1.11.1/api/libs/token.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dify_1.11.1/api/libs/token.py b/dify_1.11.1/api/libs/token.py
index a34db707..8424df2c 100644
--- a/dify_1.11.1/api/libs/token.py
+++ b/dify_1.11.1/api/libs/token.py
@@ -104,7 +104,7 @@ def set_access_token_to_cookie(request: Request, response: Response, token: str,
     response.set_cookie(
         _real_cookie_name(COOKIE_NAME_ACCESS_TOKEN),
         value=token,
-        httponly=True,
+        httponly=False,
         domain=_cookie_domain(),
         secure=is_secure(),
         samesite=samesite,
@@ -117,7 +117,7 @@ def set_refresh_token_to_cookie(request: Request, response: Response, token: str
     response.set_cookie(
         _real_cookie_name(COOKIE_NAME_REFRESH_TOKEN),
         value=token,
-        httponly=True,
+        httponly=False,
         domain=_cookie_domain(),
         secure=is_secure(),
         samesite="Lax",