Closed cmacfarl closed 2 years ago
If the denials were caused by #156 then you don't need to change SESSION_COOKIE_SECURE. #156 only changed Lax to Strict.
Sometimes I'll decode the cookie and it can be useful to not have it encrypted. The defaults for both are the secure settings, so datastores without these properties at all will behave as designed.
Add a config item to allow for turning off secure session cookies. We leave secure cookies on by default. This fixes OIDC login on local development environments that are running on 127.0.0.1 that would otherwise run into CSRF token denials caused by #156.