Set cookie SameSite policy to Lax and skip the HttpOnly flag to allow the...

Set cookie SameSite policy to Lax and skip the HttpOnly flag to allow the cookies to be used by the frontend

Set cookie SameSite policy to Lax and skip the HttpOnly flag to allow the...
Set cookie SameSite policy to Lax and skip the HttpOnly flag to allow the cookies to be used by the frontend
18377ade · Jonas Braathen · 3034f6f5 · 18377ade · 18377ade
Commit 18377ade authored 3 years ago by Jonas Braathen
--- a/gregsite/settings/base.py
+++ b/gregsite/settings/base.py
@@ -78,15 +78,10 @@ AUTHENTICATION_BACKENDS = [
 SESAME_MAX_AGE = 600  # lifetime of token in seconds
 SESSION_COOKIE_AGE = 1800  # lifetime of session in seconds
+CSRF_COOKIE_SAMESITE = "Lax"
-CSRF_COOKIE_SAMESITE = "Strict"
+SESSION_COOKIE_SAMESITE = "Lax"
-SESSION_COOKIE_SAMESITE = "Strict"
+CSRF_COOKIE_HTTPONLY = False
-# CSRF_COOKIE_HTTPONLY = True
+SESSION_COOKIE_HTTPONLY = False
-# SESSION_COOKIE_HTTPONLY = True
-# Enable these in production
-# CSRF_COOKIE_SECURE = True
-# SESSION_COOKIE_SECURE = True
 REST_FRAMEWORK = {
    "DEFAULT_VERSIONING_CLASS": "rest_framework.versioning.NamespaceVersioning",

--- a/gregsite/settings/dev.py
+++ b/gregsite/settings/dev.py
@@ -44,13 +44,6 @@ AUTHENTICATION_BACKENDS = [
 LOGIN_REDIRECT_URL = "http://localhost:3000/"
 LOGOUT_REDIRECT_URL = "http://localhost:3000/"
-CSRF_COOKIE_SAMESITE = "Strict"
-SESSION_COOKIE_SAMESITE = "Lax"
-# CSRF_COOKIE_HTTPONLY = True
-# SESSION_COOKIE_HTTPONLY = True
-SESSION_COOKIE_AGE = 1209600  # two weeks for easy development
 LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,