mirror of
https://github.com/cisagov/manage.get.gov.git
Change SESSION_COOKIE_SAMESITE to Lax (#155)
* Change SESSION_COOKIE_SAMESITE to Lax * Address feedback
parent
18ee041e52
commit
ac046243a3
1 changed files with 4 additions and 3 deletions
|
@ -528,9 +528,10 @@ SESSION_COOKIE_HTTPONLY = True
|
|||
# are we a spring boot application? who knows!
|
||||
SESSION_COOKIE_NAME = "JSESSIONID"
|
||||
|
||||
# Prevents session cookie from being sent if the user
|
||||
# is coming to our site from an external page.
|
||||
SESSION_COOKIE_SAMESITE = "Strict"
|
||||
# Allows session cookie to be sent if the user
|
||||
# is coming to our site from an external page
|
||||
# unless it is via "risky" paths, i.e. POST requests
|
||||
SESSION_COOKIE_SAMESITE = "Lax"
|
||||
|
||||
# instruct browser to only send cookie via HTTPS
|
||||
SESSION_COOKIE_SECURE = True
|
||||
|
|
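Review bot: The comment added above `SESSION_COOKIE_SAMESITE = "Lax"` describes the exception loosely ("risky" paths, i.e. POST requests) and does not record why Strict had to be relaxed, which a later reader needs in order to judge whether the setting can be tightened again. With Lax the session cookie accompanies cross-site top-level navigations that use safe methods such as GET, and is withheld on cross-site POSTs and on subrequests (images, frames, fetch), so any view that changes state on GET no longer gets protection from the cookie policy. I would word it as `# Lax: sent on cross-site top-level GET navigations, withheld on cross-site POST and subrequests.` followed by `# State-changing views must not accept GET and must keep CSRF protection enabled.`, plus one line naming the flow that requires Lax. Whether the CSRF middleware and a matching `CSRF_COOKIE_SAMESITE` are configured is not visible in this hunk, so that is worth confirming elsewhere in the settings module.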