🔧[#45] add session and CSRF samesite option

Author: Coperh

open_api_framework/conf/base.py

@@ -416,8 +416,16 @@
 #
 SESSION_COOKIE_SECURE = IS_HTTPS
 SESSION_COOKIE_HTTPONLY = True
+# set same-site attribute to None to allow emdedding the SDK for making cross domain
+# requests.
+SESSION_COOKIE_SAMESITE = config(
+    "SESSION_COOKIE_SAMESITE", default="None" if IS_HTTPS else "Lax"
+)
 
 CSRF_COOKIE_SECURE = IS_HTTPS
+CSRF_COOKIE_SAMESITE = config(
+    "CSRF_COOKIE_SAMESITE", default="None" if IS_HTTPS else "Lax"
+)
 
 X_FRAME_OPTIONS = "DENY"