Change SESSION_COOKIE_SAMESITE to Lax (#155)

* Change SESSION_COOKIE_SAMESITE to Lax

* Address feedback
Seamus Johnston 2022-09-30 20:11:33 +00:00 committed by GitHub
parent 18ee041e52
commit ac046243a3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -528,9 +528,10 @@ SESSION_COOKIE_HTTPONLY = True
# are we a spring boot application? who knows!
SESSION_COOKIE_NAME = "JSESSIONID"
# Prevents session cookie from being sent if the user
# is coming to our site from an external page.
SESSION_COOKIE_SAMESITE = "Strict"
# Allows session cookie to be sent if the user
# is coming to our site from an external page
# unless it is via "risky" paths, i.e. POST requests
SESSION_COOKIE_SAMESITE = "Lax"
# instruct browser to only send cookie via HTTPS
SESSION_COOKIE_SECURE = True
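Review bot: The new comment above `SESSION_COOKIE_SAMESITE = "Lax"` understates what Lax relaxes and does not record why Strict was dropped. With Lax the session cookie is sent on cross-site top-level navigations that use safe methods such as GET, and withheld on cross-site POSTs and on subrequests (iframes, images, fetch). Any view that changes state on GET therefore loses the protection Strict gave it, and Django's CSRF checks do not cover safe methods, so it is worth confirming that no such view exists and that the CSRF middleware is enabled; neither is visible in this hunk. I would reword the comment to something like `# Lax: sent on cross-site top-level GET navigations, withheld on cross-site POST and subrequests; state-changing views must not accept GET.` and add one line giving the reason for the change, which is presumably an inbound link or redirect flow that Strict broke.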