set domain on cookie response, enforce http=True (#131)

src/api/abandonauth/routers/password_login.py

@@ -43,5 +43,5 @@ async def login_test_user(user_data: PasswordLoginDto, res: Response) -> JwtDto:
         )
 
     access_token = generate_long_lived_jwt(str(password_account.user_id), settings.ABANDON_AUTH_DEVELOPER_APP_ID)
-    res.set_cookie("Authorization", access_token, secure=True, httponly=True)
+    res.set_cookie("Authorization", access_token, domain=settings.ABANDON_AUTH_SITE_URL, secure=True, httponly=True)
     return JwtDto(token=access_token)

src/api/abandonauth/routers/ui.py

@@ -47,7 +47,12 @@ async def index(request: Request, code: str | None = None) -> RedirectResponse:
     if authenticated is False:
         return resp
 
-    resp.set_cookie(key="Authorization", value=token)  # pyright: ignore [reportArgumentType]
+    resp.set_cookie(
+        key="Authorization",
+        value=token,  # pyright: ignore [reportArgumentType]
+        domain=settings.ABANDON_AUTH_SITE_URL,
+        httponly=True
+    )
 
     return resp