🔧[#45] add session and CSRF samesite option

Coperh · Coperh · commit a49870b404bb · 2024-08-13T16:34:25.000+02:00
diff --git a/open_api_framework/conf/base.py b/open_api_framework/conf/base.py
@@ -416,8 +416,10 @@
 #
 SESSION_COOKIE_SECURE = IS_HTTPS
 SESSION_COOKIE_HTTPONLY = True
+SESSION_COOKIE_SAMESITE = config("SESSION_COOKIE_SAMESITE", "Strict")
 
 CSRF_COOKIE_SECURE = IS_HTTPS
+CSRF_COOKIE_SAMESITE = config("CSRF_COOKIE_SAMESITE", "Strict")
 
 X_FRAME_OPTIONS = "DENY"
 

Original file line number	Diff line number	Diff line change
`@@ -416,8 +416,10 @@`
`416`	`416`	`#`
`417`	`417`	`SESSION_COOKIE_SECURE = IS_HTTPS`
`418`	`418`	`SESSION_COOKIE_HTTPONLY = True`
	`419`	`+SESSION_COOKIE_SAMESITE = config("SESSION_COOKIE_SAMESITE", "Strict")`
`419`	`420`
`420`	`421`	`CSRF_COOKIE_SECURE = IS_HTTPS`
	`422`	`+CSRF_COOKIE_SAMESITE = config("CSRF_COOKIE_SAMESITE", "Strict")`
`421`	`423`
`422`	`424`	`X_FRAME_OPTIONS = "DENY"`
`423`	`425`