Fix default value for SESSION_COOKIE_SECURE (#8767) (#8769)

github-actions[bot] · SchrodingersGat · web-flow · commit eed62231879d · 2024-12-26T22:40:26.000+11:00
- Default value was previously 'True' - Documentation indicated that it was 'False' - Value in config_template.yaml was 'False' (but commented out) (cherry picked from commit d4ee8c5) Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
diff --git a/src/backend/InvenTree/InvenTree/settings.py b/src/backend/InvenTree/InvenTree/settings.py
@@ -1218,7 +1218,9 @@
     if DEBUG
     else (
         SESSION_COOKIE_SAMESITE == 'None'
-        or get_boolean_setting('INVENTREE_SESSION_COOKIE_SECURE', 'cookie.secure', True)
+        or get_boolean_setting(
+            'INVENTREE_SESSION_COOKIE_SECURE', 'cookie.secure', False
+        )
     )
 )
 
diff --git a/src/backend/InvenTree/config_template.yaml b/src/backend/InvenTree/config_template.yaml
@@ -124,9 +124,9 @@ use_x_forwarded_host: false
 use_x_forwarded_port: false
 
 # Cookie settings (nominally the default settings should be fine)
-#cookie:
-#  secure: false
-#  samesite: false
+cookie:
+  secure: false
+  samesite: false
 
 # Cross Origin Resource Sharing (CORS) settings (see https://github.com/adamchainz/django-cors-headers)
 cors:

Original file line number	Diff line number	Diff line change
`@@ -1218,7 +1218,9 @@`
`1218`	`1218`	`if DEBUG`
`1219`	`1219`	`else (`
`1220`	`1220`	`SESSION_COOKIE_SAMESITE == 'None'`
`1221`		`- or get_boolean_setting('INVENTREE_SESSION_COOKIE_SECURE', 'cookie.secure', True)`
	`1221`	`+ or get_boolean_setting(`
	`1222`	`+ 'INVENTREE_SESSION_COOKIE_SECURE', 'cookie.secure', False`
	`1223`	`+ )`
`1222`	`1224`	`)`
`1223`	`1225`	`)`
`1224`	`1226`