settings: set samesite flag on cookies when possible (#71880)

2022-11-30 15:27:52 +01:00 · 2022-11-30 15:27:52 +01:00 · 4b3bcd0149
parent d8d29e2daa
commit 4b3bcd0149
1 changed files with 8 additions and 0 deletions
--- a/src/authentic2/settings.py
+++ b/src/authentic2/settings.py
@ -19,6 +19,7 @@ import logging.config
 import os

 # Load default from Django
+import django
 from django.conf import global_settings
 from django.utils.translation import gettext_lazy as _

@ -59,6 +60,13 @@ DATABASES = {
 SESSION_COOKIE_SECURE = True
 CSRF_COOKIE_SECURE = True
 LANGUAGE_COOKIE_SECURE = True
+CSRF_COOKIE_SAMESITE = 'Lax'
+if django.VERSION < (3, 1):
+    SESSION_COOKIE_SAMESITE = 'Lax'
+    LANGUAGE_COOKIE_SAMESITE = 'Lax'
+else:
+    SESSION_COOKIE_SAMESITE = 'None'
+    LANGUAGE_COOKIE_SAMESITE = 'None'

 # Hey Entr'ouvert is in France !!
 TIME_ZONE = 'Europe/Paris'