From a49870b404bb875556b41d3f0488a42407547b4e Mon Sep 17 00:00:00 2001
From: Conor Holden <conor@maykinmedia.nl>
Date: Tue, 16 Jul 2024 11:38:47 +0200
Subject: [PATCH] :wrench:[#45] add session and CSRF samesite option

---
 open_api_framework/conf/base.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/open_api_framework/conf/base.py b/open_api_framework/conf/base.py
index 85df04a..7193429 100644
--- a/open_api_framework/conf/base.py
+++ b/open_api_framework/conf/base.py
@@ -416,8 +416,10 @@
 #
 SESSION_COOKIE_SECURE = IS_HTTPS
 SESSION_COOKIE_HTTPONLY = True
+SESSION_COOKIE_SAMESITE = config("SESSION_COOKIE_SAMESITE", "Strict")
 
 CSRF_COOKIE_SECURE = IS_HTTPS
+CSRF_COOKIE_SAMESITE = config("CSRF_COOKIE_SAMESITE", "Strict")
 
 X_FRAME_OPTIONS = "DENY"