🔧[#45] add session and CSRF samesite option

maykinmedia · Aug 13, 2024 · b912f6c · b912f6c
1 parent 44eb847
commit b912f6c
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/open_api_framework/conf/base.py b/open_api_framework/conf/base.py
@@ -416,8 +416,12 @@
 #
 SESSION_COOKIE_SECURE = IS_HTTPS
 SESSION_COOKIE_HTTPONLY = True
+# set same-site attribute to None to allow emdedding the SDK for making cross domain
+# requests.
+SESSION_COOKIE_SAMESITE = config("SESSION_COOKIE_SAMESITE", "Strict")
 
 CSRF_COOKIE_SECURE = IS_HTTPS
+CSRF_COOKIE_SAMESITE = config("CSRF_COOKIE_SAMESITE", "Strict")
 
 X_FRAME_OPTIONS = "DENY"