zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-02 16:02:15 +02:00
Code Issues Projects Releases Packages Wiki Activity

Change SESSION_COOKIE_SAMESITE to Lax (#155)

Browse source 
* Change SESSION_COOKIE_SAMESITE to Lax

* Address feedback
This commit is contained in:
Seamus Johnston 2022-09-30 20:11:33 +00:00 committed by GitHub
parent 18ee041e52
commit ac046243a3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/registrar/config/settings.py
View file

@ -528,9 +528,10 @@ SESSION_COOKIE_HTTPONLY = True
# are we a spring boot application? who knows!
SESSION_COOKIE_NAME = "JSESSIONID"
# Prevents session cookie from being sent if the user
# is coming to our site from an external page.
SESSION_COOKIE_SAMESITE = "Strict"
# Allows session cookie to be sent if the user
# is coming to our site from an external page
# unless it is via "risky" paths, i.e. POST requests
SESSION_COOKIE_SAMESITE = "Lax"
# instruct browser to only send cookie via HTTPS
SESSION_COOKIE_SECURE = True